Read Time:29 Second
It was discovered that Tornado incorrectly handled a certain redirect.
A remote attacker could possibly use this issue to redirect a user to an
arbitrary web site and conduct a phishing attack by having the user access
a specially crafted URL. This update provides the corresponding fix for
Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-28370)
It was discovered that Tornado inefficiently handled requests when parsing
cookies. An attacker could possibly use this issue to increase resource
utilization leading to a denial of service. (CVE-2024-52804)