High severity7.5NVD Advisory· Published Feb 7, 2022· Updated Jun 17, 2026
CVE-2022-21712
CVE-2022-21712
Description
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twited.web.RedirectAgent and twisted.web. BrowserLikeRedirectAgent functions. Users are advised to upgrade. There are no known workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
TwistedPyPI | >= 11.1.0, < 22.1.0 | 22.1.0 |
Affected products
22- ghsa-coords21 versionspkg:pypi/twistedpkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-Twisted&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Twisted&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/python-Twisted&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/python-Twisted&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/python-Twisted&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
>= 11.1.0, < 22.1.0+ 20 more
- (no CPE)range: >= 11.1.0, < 22.1.0
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 22.1.0-1.1
- (no CPE)range: < 15.2.1-9.11.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 15.2.1-9.11.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 19.10.0-3.6.1
- (no CPE)range: < 15.2.1-9.11.1
- (no CPE)range: < 15.2.1-9.11.1
- (no CPE)range: < 15.2.1-9.11.1
- (no CPE)range: < 15.2.1-9.11.1
Patches
Vulnerability mechanics
References
15- github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-92x2-jw7w-xvvxghsaADVISORY
- github.com/twisted/twisted/releases/tag/twisted-22.1.0nvdRelease NotesThird Party AdvisoryWEB
- github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvxnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-21712ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-27.yamlghsaWEB
- lists.debian.org/debian-lts-announce/2022/02/msg00021.htmlnvdWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5KghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5KghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6ghsaWEB
- pypi.org/project/TwistedghsaWEB
- security.gentoo.org/glsa/202301-02nvdWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/nvd
News mentions
0No linked articles in our index yet.