Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2022-21712 - log back

CVE-2022-21712 edited at 05 Apr 2022 22:28:39

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Information disclosure

Description

+	It has been discovered that twisted prior to 22.1 exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions.

References

+	https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
+	https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2

Notes

CVE-2022-21712 created at 05 Apr 2022 22:25:59