Name of the Vulnerable Software and Affected Versions Tornado (affected versions not specified)

Description A difference in cookie parsing between Tornado and web browsers, especially when combined with Google Analytics, could allow an attacker to set arbitrary cookies and bypass XSRF protection. The issue is related to the cookie parser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.