python-twisted
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Asynchronous networking framework written in Python |
| Version | 24.3.0-2 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2663 | 21.7.0-4 | Medium | Vulnerable | FS#74362 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2022-24801 | AVG-2663 | Medium | Yes | Access restriction bypass | The Twisted Web HTTP 1.1 server prior to 22.4.0rc1, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than... |
| CVE-2022-21716 | AVG-2663 | Medium | Yes | Denial of service | The Twisted SSH client and server implementation prior to 22.2.0 naively accepted an infinite amount of data for the peer's SSH version identifier. A... |
| CVE-2022-21712 | AVG-2663 | Medium | Yes | Information disclosure | It has been discovered that twisted prior to 22.1 exposes cookies and authorization headers when following cross-origin redirects. This issue is present in... |