Python/Twisted/1.0.6

An asynchronous networking framework written in Python

https://pypi.org/project/Twisted
LGPL-3.0-or-later

2 Security Vulnerabilities

Improper Input Validation in Twisted

Published date: 2020-03-31T15:42:42Z
CVE: CVE-2020-10108
Links:

In Twisted Web before 20.3.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.

Affected versions: ["20.3.0rc1", "19.10.0", "19.10.0rc1", "19.7.0", "19.7.0rc1", "19.2.1", "19.2.0", "19.2.0rc2", "19.2.0rc1", "18.9.0", "18.9.0rc1", "18.7.0", "18.7.0rc2", "18.7.0rc1", "18.4.0", "18.4.0rc1", "17.9.0", "17.9.0rc1", "17.5.0", "17.1.0", "17.1.0rc1", "16.7.0rc2", "16.7.0rc1", "16.6.0", "16.6.0rc1", "16.5.0", "16.5.0rc2", "16.5.0rc1", "16.4.1", "16.4.0", "16.3.2", "16.3.1", "16.3.0", "16.2.0", "16.1.1", "16.1.0", "16.0.0", "15.5.0", "15.4.0", "15.3.0", "15.2.1", "15.2.0", "15.1.0", "15.0.0", "14.0.2", "14.0.1", "14.0.0", "13.2.0", "13.1.0", "13.0.0", "12.3.0", "12.2.0", "12.1.0", "12.0.0", "11.1.0", "11.0.0", "10.2.0", "10.1.0", "10.0.0", "9.0.0", "8.2.0", "8.1.0", "8.0.1", "8.0.0", "2.5.0", "2.4.0", "2.1.0", "1.2.0", "1.1.1", "1.1.0", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.1"]
Secure versions: [22.1.0, 22.10.0, 22.10.0rc1, 22.2.0, 22.2.0rc1, 22.4.0, 22.4.0rc1, 22.8.0, 22.8.0rc1, 23.10.0, 23.10.0rc1, 23.8.0, 23.8.0rc1, 24.10.0, 24.10.0rc1, 24.11.0, 24.11.0rc1, 24.11.0rc2, 24.2.0rc1, 24.3.0, 24.7.0, 24.7.0rc1, 24.7.0rc2, 25.5.0, 25.5.0rc1]
Recommendation: Update to version 25.5.0.

HTTP Request Smuggling in Twisted

Published date: 2020-03-31T15:40:12Z
CVE: CVE-2020-10109
Links:

In Twisted Web through 20.3.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.

Affected versions: ["20.3.0rc1", "19.10.0", "19.10.0rc1", "19.7.0", "19.7.0rc1", "19.2.1", "19.2.0", "19.2.0rc2", "19.2.0rc1", "18.9.0", "18.9.0rc1", "18.7.0", "18.7.0rc2", "18.7.0rc1", "18.4.0", "18.4.0rc1", "17.9.0", "17.9.0rc1", "17.5.0", "17.1.0", "17.1.0rc1", "16.7.0rc2", "16.7.0rc1", "16.6.0", "16.6.0rc1", "16.5.0", "16.5.0rc2", "16.5.0rc1", "16.4.1", "16.4.0", "16.3.2", "16.3.1", "16.3.0", "16.2.0", "16.1.1", "16.1.0", "16.0.0", "15.5.0", "15.4.0", "15.3.0", "15.2.1", "15.2.0", "15.1.0", "15.0.0", "14.0.2", "14.0.1", "14.0.0", "13.2.0", "13.1.0", "13.0.0", "12.3.0", "12.2.0", "12.1.0", "12.0.0", "11.1.0", "11.0.0", "10.2.0", "10.1.0", "10.0.0", "9.0.0", "8.2.0", "8.1.0", "8.0.1", "8.0.0", "2.5.0", "2.4.0", "2.1.0", "1.2.0", "1.1.1", "1.1.0", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.1"]
Secure versions: [22.1.0, 22.10.0, 22.10.0rc1, 22.2.0, 22.2.0rc1, 22.4.0, 22.4.0rc1, 22.8.0, 22.8.0rc1, 23.10.0, 23.10.0rc1, 23.8.0, 23.8.0rc1, 24.10.0, 24.10.0rc1, 24.11.0, 24.11.0rc1, 24.11.0rc2, 24.2.0rc1, 24.3.0, 24.7.0, 24.7.0rc1, 24.7.0rc2, 25.5.0, 25.5.0rc1]
Recommendation: Update to version 25.5.0.

109 Other Versions

Version License Security Released
17.9.0rc1 MIT 3 2017-09-04 - 08:41 over 8 years
17.5.0 MIT 3 2017-06-11 - 01:11 almost 9 years
17.1.0 MIT 3 2017-02-11 - 09:59 about 9 years
17.1.0rc1 MIT 3 2017-01-28 - 11:34 about 9 years
16.7.0rc2 MIT 3 2017-01-12 - 09:05 about 9 years
16.7.0rc1 MIT 3 2016-12-23 - 03:24 over 9 years
16.6.0 MIT 3 2016-11-25 - 19:54 over 9 years
16.6.0rc1 MIT 3 2016-11-10 - 04:50 over 9 years
16.5.0 MIT 3 2016-10-29 - 05:48 over 9 years
16.5.0rc2 MIT 3 2016-10-23 - 04:18 over 9 years
16.5.0rc1 MIT 3 2016-10-10 - 11:05 over 9 years
16.4.1 MIT 3 2016-09-14 - 17:37 over 9 years
16.4.0 MIT 3 2016-08-28 - 01:14 over 9 years
16.3.2 MIT 3 2016-08-19 - 06:38 over 9 years
16.3.1 MIT 3 2016-08-16 - 01:38 over 9 years
16.3.0 MIT 3 2016-07-06 - 12:06 almost 10 years
16.2.0 MIT 3 2016-05-18 - 08:09 almost 10 years
16.1.1 MIT 3 2016-04-11 - 02:55 almost 10 years
16.1.0 MIT 3 2016-04-04 - 07:23 about 10 years
16.0.0 MIT 3 2016-03-15 - 05:48 about 10 years
15.5.0 MIT 3 2015-11-29 - 04:39 over 10 years
15.4.0 MIT 3 2015-09-04 - 07:39 over 10 years
15.3.0 MIT 3 2015-08-04 - 06:38 over 10 years
15.2.1 MIT 3 2015-05-24 - 12:14 almost 11 years
15.2.0 MIT 3 2015-05-19 - 05:46 almost 11 years
15.1.0 MIT 3 2015-04-13 - 08:00 almost 11 years
15.0.0 MIT 3 2015-01-30 - 06:38 about 11 years
14.0.2 MIT 3 2014-09-18 - 14:10 over 11 years
14.0.1 MIT 3 2014-09-17 - 11:33 over 11 years
14.0.0 MIT 3 2014-05-12 - 10:51 almost 12 years
13.2.0 MIT 3 2013-11-08 - 16:20 over 12 years
13.1.0 MIT 3 2013-11-08 - 16:13 over 12 years
13.0.0 MIT 3 2013-04-04 - 10:13 about 13 years
12.3.0 MIT 3 2012-12-26 - 12:47 over 13 years
12.2.0 MIT 3 2012-09-01 - 07:20 over 13 years
12.1.0 MIT 3 2012-06-05 - 12:04 almost 14 years
12.0.0 MIT 3 2012-02-11 - 14:12 about 14 years
11.1.0 MIT 3 2011-11-17 - 17:36 over 14 years
11.0.0 MIT 2 2011-06-10 - 04:46 almost 15 years
10.2.0 MIT 2 2010-11-30 - 06:32 over 15 years
10.1.0 MIT 2 2010-07-04 - 17:14 almost 16 years
10.0.0 MIT 2 2010-03-05 - 22:13 about 16 years
9.0.0 MIT 2 2010-03-05 - 22:21 about 16 years
8.2.0 MIT 2 1970-01-01 - 00:00 over 56 years
8.1.0 MIT 2 1970-01-01 - 00:00 over 56 years
8.0.1 MIT 2 1970-01-01 - 00:00 over 56 years
8.0.0 MIT 2 1970-01-01 - 00:00 over 56 years
2.5.0 MIT 2 1970-01-01 - 00:00 over 56 years
2.4.0 MIT 2 1970-01-01 - 00:00 over 56 years
2.1.0 MIT 2 2005-10-11 - 15:44 over 20 years