VYPR

Twisted

by Twisted

pypi: twisted

CVEs (6)

  • CVE-2022-24801 | High | Apr 4, 2022
    risk 0.46 | cvss 8.1 | epss 0.03

    Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This…

  • CVE-2022-21716 | High | Mar 3, 2022
    risk 0.42 | cvss 7.5 | epss 0.04

    Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available…

  • CVE-2022-21712 | High | Feb 7, 2022
    risk 0.42 | cvss 7.5 | epss 0.01

    Twisted is an event-driven networking engine written in Python. In affected versions, Twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent`…

  • CVE-2023-46137 | Medium | Oct 25, 2023
    risk 0.35 | cvss 5.3 | epss 0.01

    Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled…

  • CVE-2024-41810 | Medium | Jul 29, 2024
    risk 0.33 | cvss 6.1 | epss 0.01

    Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL, this vulnerability may result in…

  • CVE-2022-39348 | Medium | Oct 26, 2022
    risk 0.28 | cvss 5.4 | epss 0.01

    Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the Host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response…