rpm package
opensuse/python-Twisted&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.5
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41810 | — | | | < 22.10.0-150400.5.23.1 | 22.10.0-150400.5.23.1 | Jul 29, 2024 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflecte |
| CVE-2024-41671 | High | 8.3 | | < 22.10.0-150400.5.23.1 | 22.10.0-150400.5.23.1 | Jul 29, 2024 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1. |
| CVE-2023-46137 | — | | | < 22.10.0-150400.5.13.1 | 22.10.0-150400.5.13.1 | Oct 25, 2023 | Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled b |
| CVE-2023-28859 | — | | | < 22.10.0-150400.5.17.4 | 22.10.0-150400.5.17.4 | Mar 26, 2023 | redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutio |
| CVE-2023-28858 | — | | | < 22.10.0-150400.5.17.4 | 22.10.0-150400.5.17.4 | Mar 26, 2023 | redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT |