High severity 8.3 · OSV Advisory · Published Jul 29, 2024 · Updated Apr 15, 2026
CVE-2024-41671
Description
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| twisted (PyPI) | < 24.7.0rc1 | 24.7.0rc1 |
Affected products
Source: ghsa-coords, 29 versions. No CPE is listed for any entry.

| Package URL | Affected range |
|---|---|
| pkg:pypi/twisted | < 24.7.0rc1 |
| pkg:rpm/opensuse/matrix-synapse&distro=openSUSE%20Tumbleweed | < 1.112.0-1.1 |
| pkg:rpm/opensuse/python3-Twisted&distro=openSUSE%20Leap%2015.5 | < 22.2.0-150400.21.1 |
| pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.5 | < 22.10.0-150400.5.23.1 |
| pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.6 | < 22.10.0-150400.5.23.1 |
| pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Tumbleweed | < 24.3.0-2.1 |
| pkg:rpm/suse/python3-Twisted&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS | < 22.2.0-150400.21.1 |
| pkg:rpm/suse/python3-Twisted&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS | < 22.2.0-150400.21.1 |
| pkg:rpm/suse/python3-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5 | < 22.2.0-150400.21.1 |
| pkg:rpm/suse/python3-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 | < 22.2.0-150400.21.1 |
| pkg:rpm/suse/python3-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS | < 22.2.0-150400.21.1 |
| pkg:rpm/suse/python3-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 | < 22.2.0-150400.21.1 |
| pkg:rpm/suse/python3-Twisted&distro=SUSE%20Manager%20Proxy%204.3 | < 22.2.0-150400.21.1 |
| pkg:rpm/suse/python3-Twisted&distro=SUSE%20Manager%20Server%204.3 | < 22.2.0-150400.21.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Enterprise%20Storage%207.1 | < 19.10.0-150200.3.24.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS | < 19.10.0-150200.3.24.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS | < 19.10.0-150200.3.24.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS | < 22.10.0-150400.5.23.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS | < 22.10.0-150400.5.23.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4 | < 22.10.0-150400.5.23.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP5 | < 22.10.0-150400.5.23.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6 | < 22.10.0-150400.5.23.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 | < 15.2.1-9.26.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS | < 19.10.0-150200.3.24.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS | < 19.10.0-150200.3.24.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS | < 22.10.0-150400.5.23.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 | < 19.10.0-150200.3.24.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 | < 19.10.0-150200.3.24.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 | < 22.10.0-150400.5.23.1 |
References
- github.com/advisories/GHSA-c8m8-j448-xjx7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-41671 (ghsa, ADVISORY)
- github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 (nvd, WEB)
- github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc (nvd, WEB)
- github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7 (nvd, WEB)
- lists.debian.org/debian-lts-announce/2024/11/msg00028.html (nvd, WEB)
- www.vicarius.io/vsociety/posts/disordered-http-pipeline-in-twistedweb-cve-2024-4167 (nvd, WEB)