Description
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-14567 Vulnerability (CVE-2020-14567)
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7464)
MySQL CVE-2018-2813 Vulnerability (CVE-2018-2813)
WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities (5.1.4)
MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-41799)