Search CVE reports
1 – 10 of 16 results
CVE-2024-41810
Medium priorityTwisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the...
1 affected packages
twisted
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
twisted | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2024-41671
Medium priorityTwisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information...
1 affected packages
twisted
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2023-46137
Medium prioritySome fixes available 6 of 9
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the...
1 affected packages
twisted
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
twisted | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2022-39348
Low prioritySome fixes available 2 of 6
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders...
1 affected packages
twisted
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
twisted | Not affected | Fixed | Fixed | Vulnerable | Needs evaluation |
CVE-2022-24801
Medium prioritySome fixes available 6 of 11
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs...
1 affected packages
twisted
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
twisted | Fixed | Fixed | Ignored | Ignored | Vulnerable |
CVE-2022-21716
Medium priorityTwisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier....
1 affected packages
twisted
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
twisted | — | Fixed | Fixed | Fixed | Fixed |
CVE-2022-21712
Medium prioritySome fixes available 9 of 11
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent`...
1 affected packages
twisted
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
twisted | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2020-10109
Medium priorityIn Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was...
1 affected packages
twisted
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
twisted | — | — | — | Fixed | Fixed |
CVE-2020-10108
Medium priorityIn Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body...
1 affected packages
twisted
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
twisted | — | — | — | Fixed | Fixed |
CVE-2014-7143
Medium priorityPython Twisted 14.0 trustRoot is not respected in HTTP client
2 affected packages
twisted, twisted-py3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
twisted | — | — | — | — | — |
twisted-py3 | — | — | — | — | — |