Python/Twisted/19.2.0rc1

An asynchronous networking framework written in Python

Repo Link: https://pypi.org/project/Twisted
License: MIT

3 Security Vulnerabilities

Cookie and header exposure in twisted

Published date: 2022-02-07T22:36:00Z

CVE: CVE-2022-21712

Links:

Impact

Cookie and Authorization headers are leaked when following cross-origin redirects in twited.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent.

Affected versions: ["22.1.0rc1", "21.7.0", "21.7.0rc3", "21.7.0rc2", "21.7.0rc1", "21.2.0", "21.2.0rc1", "20.3.0", "20.3.0rc1", "19.10.0", "19.10.0rc1", "19.7.0", "19.7.0rc1", "19.2.1", "19.2.0", "19.2.0rc2", "19.2.0rc1", "18.9.0", "18.9.0rc1", "18.7.0", "18.7.0rc2", "18.7.0rc1", "18.4.0", "18.4.0rc1", "17.9.0", "17.9.0rc1", "17.5.0", "17.1.0", "17.1.0rc1", "16.7.0rc2", "16.7.0rc1", "16.6.0", "16.6.0rc1", "16.5.0", "16.5.0rc2", "16.5.0rc1", "16.4.1", "16.4.0", "16.3.2", "16.3.1", "16.3.0", "16.2.0", "16.1.1", "16.1.0", "16.0.0", "15.5.0", "15.4.0", "15.3.0", "15.2.1", "15.2.0", "15.1.0", "15.0.0", "14.0.2", "14.0.1", "14.0.0", "13.2.0", "13.1.0", "13.0.0", "12.3.0", "12.2.0", "12.1.0", "12.0.0", "11.1.0"]

Secure versions: [22.1.0, 22.10.0, 22.10.0rc1, 22.2.0, 22.2.0rc1, 22.4.0, 22.4.0rc1, 22.8.0, 22.8.0rc1, 23.10.0, 23.10.0rc1, 23.8.0, 23.8.0rc1, 24.10.0, 24.10.0rc1, 24.11.0, 24.11.0rc1, 24.11.0rc2, 24.2.0rc1, 24.3.0, 24.7.0, 24.7.0rc1, 24.7.0rc2, 25.5.0, 25.5.0rc1]

Recommendation: Update to version 25.5.0.

Improper Input Validation in Twisted

Published date: 2020-03-31T15:42:42Z

CVE: CVE-2020-10108

Links:

In Twisted Web before 20.3.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.

Affected versions: ["20.3.0rc1", "19.10.0", "19.10.0rc1", "19.7.0", "19.7.0rc1", "19.2.1", "19.2.0", "19.2.0rc2", "19.2.0rc1", "18.9.0", "18.9.0rc1", "18.7.0", "18.7.0rc2", "18.7.0rc1", "18.4.0", "18.4.0rc1", "17.9.0", "17.9.0rc1", "17.5.0", "17.1.0", "17.1.0rc1", "16.7.0rc2", "16.7.0rc1", "16.6.0", "16.6.0rc1", "16.5.0", "16.5.0rc2", "16.5.0rc1", "16.4.1", "16.4.0", "16.3.2", "16.3.1", "16.3.0", "16.2.0", "16.1.1", "16.1.0", "16.0.0", "15.5.0", "15.4.0", "15.3.0", "15.2.1", "15.2.0", "15.1.0", "15.0.0", "14.0.2", "14.0.1", "14.0.0", "13.2.0", "13.1.0", "13.0.0", "12.3.0", "12.2.0", "12.1.0", "12.0.0", "11.1.0", "11.0.0", "10.2.0", "10.1.0", "10.0.0", "9.0.0", "8.2.0", "8.1.0", "8.0.1", "8.0.0", "2.5.0", "2.4.0", "2.1.0", "1.2.0", "1.1.1", "1.1.0", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.1"]

Recommendation: Update to version 25.5.0.

HTTP Request Smuggling in Twisted

Published date: 2020-03-31T15:40:12Z

CVE: CVE-2020-10109

Links:

In Twisted Web through 20.3.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.

Recommendation: Update to version 25.5.0.

109 Other Versions

Version	License	Security	Released
25.5.0	MIT
25.5.0rc1	MIT
24.11.0	MIT		1970-01-01 - 00:00	over 56 years
24.11.0rc2	MIT		1970-01-01 - 00:00	over 56 years
24.11.0rc1	MIT		1970-01-01 - 00:00	over 56 years
24.10.0	MIT		1970-01-01 - 00:00	over 56 years
24.10.0rc1	MIT		1970-01-01 - 00:00	over 56 years
24.7.0	MIT		1970-01-01 - 00:00	over 56 years
24.7.0rc2	MIT		1970-01-01 - 00:00	over 56 years
24.7.0rc1	MIT		1970-01-01 - 00:00	over 56 years
24.3.0	MIT		1970-01-01 - 00:00	over 56 years
24.2.0rc1	MIT		1970-01-01 - 00:00	over 56 years
23.10.0	MIT		1970-01-01 - 00:00	over 56 years
23.10.0rc1	MIT		1970-01-01 - 00:00	over 56 years
23.8.0	UNKNOWN		1970-01-01 - 00:00	over 56 years
23.8.0rc1	UNKNOWN		1970-01-01 - 00:00	over 56 years
22.10.0	MIT		1970-01-01 - 00:00	over 56 years
22.10.0rc1	MIT		1970-01-01 - 00:00	over 56 years
22.8.0	MIT		1970-01-01 - 00:00	over 56 years
22.8.0rc1	MIT		1970-01-01 - 00:00	over 56 years
22.4.0	MIT		2022-04-11 - 14:55	almost 4 years
22.4.0rc1	MIT		2022-04-04 - 10:19	about 4 years
22.2.0	MIT		2022-03-03 - 12:12	about 4 years
22.2.0rc1	MIT		2022-02-08 - 14:30	about 4 years
22.1.0	MIT		2022-02-07 - 13:13	about 4 years
22.1.0rc1	MIT	1	2022-01-26 - 23:28	about 4 years
21.7.0	MIT	1	2021-07-28 - 08:42	over 4 years
21.7.0rc3	MIT	1	2021-07-23 - 09:46	over 4 years
21.7.0rc2	MIT	1	2021-07-20 - 23:19	over 4 years
21.7.0rc1	MIT	1	2021-07-10 - 11:33	over 4 years
21.2.0	MIT	1	2021-02-28 - 10:03	about 5 years
21.2.0rc1	MIT	1	2021-02-15 - 01:39	about 5 years
20.3.0	MIT	1	2020-03-20 - 13:02	about 6 years
20.3.0rc1	MIT	3	2020-03-08 - 11:39	about 6 years
19.10.0	MIT	3	2019-11-11 - 04:13	over 6 years
19.10.0rc1	MIT	3	2019-10-14 - 07:39	over 6 years
19.7.0	MIT	3	2019-08-06 - 02:26	over 6 years
19.7.0rc1	MIT	3	2019-07-21 - 14:25	over 6 years
19.2.1	MIT	3	2019-06-06 - 14:18	almost 7 years
19.2.0	MIT	3	2019-04-10 - 12:30	almost 7 years
19.2.0rc2	MIT	3	2019-03-27 - 09:55	about 7 years
19.2.0rc1	MIT	3	2019-02-24 - 18:59	about 7 years
18.9.0	MIT	3	2018-10-15 - 09:11	over 7 years
18.9.0rc1	MIT	3	2018-09-26 - 11:51	over 7 years
18.7.0	MIT	3	2018-07-13 - 19:03	over 7 years
18.7.0rc2	MIT	3	2018-07-05 - 19:28	almost 8 years
18.7.0rc1	MIT	3	2018-07-01 - 18:33	almost 8 years
18.4.0	MIT	3	2018-04-29 - 11:10	almost 8 years
18.4.0rc1	MIT	3	2018-03-31 - 14:21	about 8 years
17.9.0	MIT	3	2017-09-23 - 10:15	over 8 years