Python/Twisted/1.0.5

An asynchronous networking framework written in Python

https://pypi.org/project/Twisted
LGPL-3.0-or-later

2 Security Vulnerabilities

Improper Input Validation in Twisted

Published date: 2020-03-31T15:42:42Z
CVE: CVE-2020-10108
Links:

In Twisted Web before 20.3.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.

Affected versions: ["20.3.0rc1", "19.10.0", "19.10.0rc1", "19.7.0", "19.7.0rc1", "19.2.1", "19.2.0", "19.2.0rc2", "19.2.0rc1", "18.9.0", "18.9.0rc1", "18.7.0", "18.7.0rc2", "18.7.0rc1", "18.4.0", "18.4.0rc1", "17.9.0", "17.9.0rc1", "17.5.0", "17.1.0", "17.1.0rc1", "16.7.0rc2", "16.7.0rc1", "16.6.0", "16.6.0rc1", "16.5.0", "16.5.0rc2", "16.5.0rc1", "16.4.1", "16.4.0", "16.3.2", "16.3.1", "16.3.0", "16.2.0", "16.1.1", "16.1.0", "16.0.0", "15.5.0", "15.4.0", "15.3.0", "15.2.1", "15.2.0", "15.1.0", "15.0.0", "14.0.2", "14.0.1", "14.0.0", "13.2.0", "13.1.0", "13.0.0", "12.3.0", "12.2.0", "12.1.0", "12.0.0", "11.1.0", "11.0.0", "10.2.0", "10.1.0", "10.0.0", "9.0.0", "8.2.0", "8.1.0", "8.0.1", "8.0.0", "2.5.0", "2.4.0", "2.1.0", "1.2.0", "1.1.1", "1.1.0", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.1"]
Secure versions: [22.1.0, 22.10.0, 22.10.0rc1, 22.2.0, 22.2.0rc1, 22.4.0, 22.4.0rc1, 22.8.0, 22.8.0rc1, 23.10.0, 23.10.0rc1, 23.8.0, 23.8.0rc1, 24.10.0, 24.10.0rc1, 24.11.0, 24.11.0rc1, 24.11.0rc2, 24.2.0rc1, 24.3.0, 24.7.0, 24.7.0rc1, 24.7.0rc2, 25.5.0, 25.5.0rc1]
Recommendation: Update to version 25.5.0.

HTTP Request Smuggling in Twisted

Published date: 2020-03-31T15:40:12Z
CVE: CVE-2020-10109
Links:

In Twisted Web through 20.3.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.

Affected versions: ["20.3.0rc1", "19.10.0", "19.10.0rc1", "19.7.0", "19.7.0rc1", "19.2.1", "19.2.0", "19.2.0rc2", "19.2.0rc1", "18.9.0", "18.9.0rc1", "18.7.0", "18.7.0rc2", "18.7.0rc1", "18.4.0", "18.4.0rc1", "17.9.0", "17.9.0rc1", "17.5.0", "17.1.0", "17.1.0rc1", "16.7.0rc2", "16.7.0rc1", "16.6.0", "16.6.0rc1", "16.5.0", "16.5.0rc2", "16.5.0rc1", "16.4.1", "16.4.0", "16.3.2", "16.3.1", "16.3.0", "16.2.0", "16.1.1", "16.1.0", "16.0.0", "15.5.0", "15.4.0", "15.3.0", "15.2.1", "15.2.0", "15.1.0", "15.0.0", "14.0.2", "14.0.1", "14.0.0", "13.2.0", "13.1.0", "13.0.0", "12.3.0", "12.2.0", "12.1.0", "12.0.0", "11.1.0", "11.0.0", "10.2.0", "10.1.0", "10.0.0", "9.0.0", "8.2.0", "8.1.0", "8.0.1", "8.0.0", "2.5.0", "2.4.0", "2.1.0", "1.2.0", "1.1.1", "1.1.0", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.1"]
Secure versions: [22.1.0, 22.10.0, 22.10.0rc1, 22.2.0, 22.2.0rc1, 22.4.0, 22.4.0rc1, 22.8.0, 22.8.0rc1, 23.10.0, 23.10.0rc1, 23.8.0, 23.8.0rc1, 24.10.0, 24.10.0rc1, 24.11.0, 24.11.0rc1, 24.11.0rc2, 24.2.0rc1, 24.3.0, 24.7.0, 24.7.0rc1, 24.7.0rc2, 25.5.0, 25.5.0rc1]
Recommendation: Update to version 25.5.0.

109 Other Versions

Version License Security Released
1.2.0 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.1.1 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.1.0 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.7 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.6 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.5 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.4 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.3 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.1 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years