python-twisted
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | Asynchronous networking framework written in Python |
Version |
24.3.0-4 [extra-testing] 24.3.0-2 [extra] |
Open
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2663 | 21.7.0-4 | Medium | Vulnerable | FS#74362 |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2022-24801 | AVG-2663 | Medium | Yes | Access restriction bypass | The Twisted Web HTTP 1.1 server prior to 22.4.0rc1, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than... |
CVE-2022-21716 | AVG-2663 | Medium | Yes | Denial of service | The Twisted SSH client and server implementation prior to 22.2.0 naively accepted an infinite amount of data for the peer's SSH version identifier. A... |
CVE-2022-21712 | AVG-2663 | Medium | Yes | Information disclosure | It has been discovered that twisted prior to 22.1 exposes cookies and authorization headers when following cross-origin redirects. This issue is present in... |