python-twisted

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Asynchronous networking framework written in Python
Version 21.7.0-4 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-2663 21.7.0-4 Medium Vulnerable FS#74362
Issue Group Severity Remote Type Description
CVE-2022-24801 AVG-2663 Medium Yes Access restriction bypass
The Twisted Web HTTP 1.1 server prior to 22.4.0rc1, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than...
CVE-2022-21716 AVG-2663 Medium Yes Denial of service
The Twisted SSH client and server implementation prior to 22.2.0 naively accepted an infinite amount of data for the peer's SSH version identifier.  A...
CVE-2022-21712 AVG-2663 Medium Yes Information disclosure
It has been discovered that twisted prior to 22.1 exposes cookies and authorization headers when following cross-origin redirects. This issue is present in...