Tornado - Cache prisoning vulnerability

Hi,
I have learnt that Tornado is vulnerable to proxy cache poising attack.
Is there a way to disable that kind of caching to resolve that vulnerability issue? Thanks.

1 Like

Hi @Arnina, welcome to the Streamlit community!

Can you provide a bit more information about what you read (links preferably), so that I can forward this to our engineering staff?

Best,
Randy

Hi @randyzwitch ,
Thanks for your quick reply.
Sure.
Web Cache Poisoning in tornado | Snyk
NVD - CVE-2020-28476 (nist.gov)

Per this SO answer, it appears that this issue is in Base Python and is fixed via their patch releases. Not sure this is really a Streamlit responsibility (though, good for us to understand)

Best,
Randy

1 Like