AVG-2663

| Field | Value |
|---|---|
| Package | python-twisted |
| Status | Vulnerable |
| Severity | Medium |
| Type | multiple issues |
| Affected | 21.7.0-4 |
| Fixed | Unknown |
| Current | 24.7.0-1 [extra] |
| Ticket | FS#74362 |
| Created | Tue Apr 5 22:25:59 2022 |

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-24801 | Medium | Yes | Access restriction bypass | The Twisted Web HTTP 1.1 server prior to 22.4.0rc1, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than... |
| CVE-2022-21716 | Medium | Yes | Denial of service | The Twisted SSH client and server implementation prior to 22.2.0 naively accepted an infinite amount of data for the peer's SSH version identifier. A... |
| CVE-2022-21712 | Medium | Yes | Information disclosure | It has been discovered that twisted prior to 22.1 exposes cookies and authorization headers when following cross-origin redirects. This issue is present in... |