rpm package
suse/python-Twisted&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41810 | — | | | < 19.10.0-150200.3.24.1 | 19.10.0-150200.3.24.1 | Jul 29, 2024 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflecte |
| CVE-2024-41671 | Hig | 8.3 | | < 19.10.0-150200.3.24.1 | 19.10.0-150200.3.24.1 | Jul 29, 2024 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1. |
| CVE-2022-21716 | — | | | < 19.10.0-150200.3.12.1 | 19.10.0-150200.3.12.1 | Mar 3, 2022 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available m |
| CVE-2022-21712 | — | | | < 19.10.0-3.6.1 | 19.10.0-3.6.1 | Feb 7, 2022 | Twisted is an event-driven networking engine written in Python. In affected versions Twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functi |
| CVE-2020-10109 | — | | | < 19.10.0-150200.3.15.1 | 19.10.0-150200.3.15.1 | Mar 12, 2020 | In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. |