rpm package
opensuse/python-Twisted&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.4
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46137 | — | | | < 19.10.0-150200.3.21.1 | 19.10.0-150200.3.21.1 | Oct 25, 2023 | Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled b |
| CVE-2022-39348 | — | | | < 22.2.0-150400.5.7.1 | 22.2.0-150400.5.7.1 | Oct 26, 2022 | Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response a |
| CVE-2022-24801 | — | | | < 19.10.0-150200.3.9.1 | 19.10.0-150200.3.9.1 | Apr 4, 2022 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non |
| CVE-2022-21716 | — | | | < 19.10.0-150200.3.12.1 | 19.10.0-150200.3.12.1 | Mar 3, 2022 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available m |
| CVE-2020-10109 | — | | | < 19.10.0-150200.3.15.1 | 19.10.0-150200.3.15.1 | Mar 12, 2020 | In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. |