Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
twistedmatrix twisted vulnerabilities and exploits
(subscribe to this query)
7.4
CVSSv3
CVE-2019-12855
In words.protocols.jabber.xmlstream in Twisted up to and including 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an malicious user to MITM connections.
Twistedmatrix Twisted
5.3
CVSSv3
CVE-2023-46137
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled b...
Twistedmatrix Twisted
2 Github repositories
7.5
CVSSv3
CVE-2014-7143
Python Twisted 14.0 trustRoot is not respected in HTTP client
Twistedmatrix Twisted 14.0.0
5.4
CVSSv3
CVE-2022-39348
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response a...
Twistedmatrix Twisted
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2022-21712
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functi...
Twistedmatrix Twisted
Debian Debian Linux 9.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
8.1
CVSSv3
CVE-2022-24801
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non...
Twistedmatrix Twisted
Debian Debian Linux 9.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Oracle Zfs Storage Appliance Kit 8.8
7.5
CVSSv3
CVE-2022-21716
Twisted is an event-based framework for internet applications, supporting Python 3.6+. before 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the availabl...
Twistedmatrix Twisted
Debian Debian Linux 9.0
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Fedoraproject Fedora 35
Fedoraproject Fedora 36
9.8
CVSSv3
CVE-2020-10109
In Twisted Web up to and including 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
Twistedmatrix Twisted
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
6.1
CVSSv3
CVE-2019-12387
In Twisted prior to 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an malicious user to inject invalid characters such as CRLF.
Twistedmatrix Twisted
Fedoraproject Fedora 29
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Oracle Solaris 11
Oracle Zfs Storage Appliance Kit 8.8
9.8
CVSSv3
CVE-2020-10108
In Twisted Web up to and including 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined reques...
Twistedmatrix Twisted
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Oracle Solaris 11
Oracle Solaris 10
Oracle Zfs Storage Appliance Kit 8.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started