rpm package
suse/python-Twisted&distro=SUSE Enterprise Storage 4
pkg:rpm/suse/python-Twisted&distro=SUSE%20Enterprise%20Storage%204
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-1000111 | — | < 15.2.1-8.1 | 15.2.1-8.1 | Mar 11, 2020 | Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI ap | ||
| CVE-2019-12855 | — | < 15.2.1-9.8.1 | 15.2.1-9.8.1 | Jun 16, 2019 | In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. | ||
| CVE-2019-12387 | — | < 15.2.1-9.5.2 | 15.2.1-9.5.2 | Jun 10, 2019 | In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. |
- CVE-2016-1000111Mar 11, 2020affected < 15.2.1-8.1fixed 15.2.1-8.1
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI ap
- CVE-2019-12855Jun 16, 2019affected < 15.2.1-9.8.1fixed 15.2.1-9.8.1
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
- CVE-2019-12387Jun 10, 2019affected < 15.2.1-9.5.2fixed 15.2.1-9.5.2
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.