CVE-2026-49853정보

요약

\~에 의해 MITRE • 2026. 07. 14.

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, SimpleAsyncHTTPClient shallow-copied redirected requests and removed only the Host header, leaving Authorization, auth_username, auth_password, and auth_mode in place when a redirect changed scheme, host, or port. This issue is fixed in version 6.5.6.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

출처

Interested in the pricing of exploits?

See the underground prices here!