rpm package
suse/python-Twisted&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-39348 | — | | | < 15.2.1-9.23.1 | 15.2.1-9.23.1 | Oct 26, 2022 | Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response a |
| CVE-2022-24801 | — | | | < 15.2.1-9.14.1 | 15.2.1-9.14.1 | Apr 4, 2022 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non |
| CVE-2022-21716 | — | | | < 15.2.1-9.17.1 | 15.2.1-9.17.1 | Mar 3, 2022 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available m |
| CVE-2022-21712 | — | | | < 15.2.1-9.11.1 | 15.2.1-9.11.1 | Feb 7, 2022 | Twisted is an event-driven networking engine written in Python. In affected versions Twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functi |
| CVE-2020-10108 | — | | | < 15.2.1-9.20.1 | 15.2.1-9.20.1 | Mar 12, 2020 | In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. |
| CVE-2020-10109 | — | | | < 15.2.1-9.20.1 | 15.2.1-9.20.1 | Mar 12, 2020 | In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. |
| CVE-2019-12855 | — | | | < 15.2.1-9.8.1 | 15.2.1-9.8.1 | Jun 16, 2019 | In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. |
| CVE-2019-12387 | — | | | < 15.2.1-9.5.2 | 15.2.1-9.5.2 | Jun 10, 2019 | In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. |