In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to RequestHandler.set_cookie were not checked for crafted characters.
Exploitability
AV:N AC:L PR:N UI:N
Scope
S:C
Impact
C:L I:L A:N
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N