It has been discovered that twisted before 22.1 exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
twistedmatrix twisted |
||
debian debian linux 9.0 |
||
fedoraproject fedora 35 |
||
fedoraproject fedora 36 |