A flaw was found in python-twisted. The vulnerability is caused by the twisted.web.http module accepting illegal constructs when it parses HTTP requests. The illegal constructs include '+' or '-' in the Content-Length header, '\n' and '\t', and others. Non-conformant parsing leads to a desync when requests pass through multiple HTTP parsers, which allows a remote malicious user to perform an HTTP request smuggling attack. (CVE-2022-24801)
Vulnerable Product |
---|
twistedmatrix twisted |
debian debian linux 9.0 |
fedoraproject fedora 35 |
fedoraproject fedora 36 |
oracle zfs storage appliance kit 8.8 |
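
An added example (not code from Twisted or from this advisory) of the parsing disagreement described above: a strict RFC 7230 `1*DIGIT` check for Content-Length beside a hypothetical permissive parser built on Python's `int()`. The function names and the sample header values are constructed for illustration.

```python
import re

# RFC 7230 section 3.3.2: Content-Length = 1*DIGIT (ASCII digits only).
_STRICT = re.compile(rb"[0-9]+")


def strict_content_length(value: bytes) -> int:
    """Return the length, or raise ValueError for any non-conformant value."""
    if not _STRICT.fullmatch(value):
        raise ValueError(f"illegal Content-Length: {value!r}")
    return int(value)


def lenient_content_length(value: bytes) -> int:
    """Hypothetical permissive parser: int() accepts signs, whitespace and '_'."""
    return int(value)


def desync_candidates(values):
    """Return (value, parsed) pairs a permissive hop accepts but a strict hop rejects."""
    flagged = []
    for value in values:
        try:
            strict_content_length(value)
            continue  # conformant: both parsers agree on the length
        except ValueError:
            pass
        try:
            flagged.append((value, lenient_content_length(value)))
        except ValueError:
            pass  # rejected by both parsers: no disagreement
    return flagged


# Constructed sample header values (not captured traffic).
SAMPLES = [b"10", b"+10", b"-10", b"\t10", b"10\n", b"1_0", b"0x10", b""]

if __name__ == "__main__":
    for value, parsed in desync_candidates(SAMPLES):
        print(f"{value!r}: permissive parser reads {parsed}, strict parser rejects")
```

Every flagged value is one where two hops in a proxy chain can disagree about where the request body ends, so the strict parser should answer with a 400 instead of normalising the value.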