Moderate severityNVD Advisory· Published Jun 10, 2019· Updated Aug 4, 2024
CVE-2019-12387
CVE-2019-12387
Description
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
twistedPyPI | < 19.2.1 | 19.2.1 |
Affected products
15- Twisted/twisted.webdescription
- ghsa-coords14 versionspkg:pypi/twistedpkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-Twisted&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Twisted&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/python-Twisted&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Twisted&distro=SUSE%20Package%20Hub%2015
< 19.2.1+ 13 more
- (no CPE)range: < 19.2.1
- (no CPE)range: < 17.9.0-lp151.3.3.1
- (no CPE)range: < 17.9.0-lp151.3.3.1
- (no CPE)range: < 21.7.0-3.2
- (no CPE)range: < 15.2.1-9.5.2
- (no CPE)range: < 15.2.1-9.5.2
- (no CPE)range: < 15.2.1-9.5.2
- (no CPE)range: < 15.2.1-9.5.2
- (no CPE)range: < 15.2.1-9.5.2
- (no CPE)range: < 15.2.1-9.5.2
- (no CPE)range: < 15.2.1-9.5.2
- (no CPE)range: < 15.2.1-9.5.2
- (no CPE)range: < 15.2.1-9.5.2
- (no CPE)range: < 17.9.0-bp150.4.3.1
Patches
Vulnerability mechanics
References
16- lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-6cc5-2vg4-cc7mghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2019-12387ghsaADVISORY
- usn.ubuntu.com/4308-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/4308-2/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-128.yamlghsaWEB
- github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2ghsax_refsource_CONFIRMWEB
- labs.twistedmatrix.com/2019/06/twisted-1921-released.htmlghsax_refsource_CONFIRMWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7NghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7NghsaWEB
- twistedmatrix.com/pipermail/twisted-python/2019-June/032352.htmlghsax_refsource_CONFIRMWEB
- usn.ubuntu.com/4308-1ghsaWEB
- usn.ubuntu.com/4308-2ghsaWEB
- www.oracle.com/security-alerts/cpuapr2020.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.