AVG-2663

Package python-twisted
Status Vulnerable
Severity Medium
Type multiple issues
Affected 21.7.0-4
Fixed Unknown
Current 24.3.0-2 [extra-testing], 24.3.0-1 [extra]
Ticket FS#74362
Created Tue Apr 5 22:25:59 2022
Issue Severity Remote Type Description
CVE-2022-24801 Medium Yes Access restriction bypass
The Twisted Web HTTP 1.1 server prior to 22.4.0rc1, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than...
CVE-2022-21716 Medium Yes Denial of service
The Twisted SSH client and server implementation prior to 22.2.0 naively accepted an infinite amount of data for the peer's SSH version identifier.  A...
CVE-2022-21712 Medium Yes Information disclosure
It has been discovered that twisted prior to 22.1 exposes cookies and authorization headers when following cross-origin redirects. This issue is present in...