Python/Twisted/19.7.0rc1

An asynchronous networking framework written in Python

Repo Link: https://pypi.org/project/Twisted
License: MIT

3 Security Vulnerabilities

Cookie and header exposure in twisted

Published date: 2022-02-07T22:36:00Z

CVE: CVE-2022-21712

Links:

Impact

Cookie and Authorization headers are leaked when following cross-origin redirects in twited.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent.

Affected versions: ["22.1.0rc1", "21.7.0", "21.7.0rc3", "21.7.0rc2", "21.7.0rc1", "21.2.0", "21.2.0rc1", "20.3.0", "20.3.0rc1", "19.10.0", "19.10.0rc1", "19.7.0", "19.7.0rc1", "19.2.1", "19.2.0", "19.2.0rc2", "19.2.0rc1", "18.9.0", "18.9.0rc1", "18.7.0", "18.7.0rc2", "18.7.0rc1", "18.4.0", "18.4.0rc1", "17.9.0", "17.9.0rc1", "17.5.0", "17.1.0", "17.1.0rc1", "16.7.0rc2", "16.7.0rc1", "16.6.0", "16.6.0rc1", "16.5.0", "16.5.0rc2", "16.5.0rc1", "16.4.1", "16.4.0", "16.3.2", "16.3.1", "16.3.0", "16.2.0", "16.1.1", "16.1.0", "16.0.0", "15.5.0", "15.4.0", "15.3.0", "15.2.1", "15.2.0", "15.1.0", "15.0.0", "14.0.2", "14.0.1", "14.0.0", "13.2.0", "13.1.0", "13.0.0", "12.3.0", "12.2.0", "12.1.0", "12.0.0", "11.1.0"]

Secure versions: [22.1.0, 22.10.0, 22.10.0rc1, 22.2.0, 22.2.0rc1, 22.4.0, 22.4.0rc1, 22.8.0, 22.8.0rc1, 23.10.0, 23.10.0rc1, 23.8.0, 23.8.0rc1, 24.10.0, 24.10.0rc1, 24.11.0, 24.11.0rc1, 24.11.0rc2, 24.2.0rc1, 24.3.0, 24.7.0, 24.7.0rc1, 24.7.0rc2, 25.5.0, 25.5.0rc1]

Recommendation: Update to version 25.5.0.

Improper Input Validation in Twisted

Published date: 2020-03-31T15:42:42Z

CVE: CVE-2020-10108

Links:

In Twisted Web before 20.3.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.

Affected versions: ["20.3.0rc1", "19.10.0", "19.10.0rc1", "19.7.0", "19.7.0rc1", "19.2.1", "19.2.0", "19.2.0rc2", "19.2.0rc1", "18.9.0", "18.9.0rc1", "18.7.0", "18.7.0rc2", "18.7.0rc1", "18.4.0", "18.4.0rc1", "17.9.0", "17.9.0rc1", "17.5.0", "17.1.0", "17.1.0rc1", "16.7.0rc2", "16.7.0rc1", "16.6.0", "16.6.0rc1", "16.5.0", "16.5.0rc2", "16.5.0rc1", "16.4.1", "16.4.0", "16.3.2", "16.3.1", "16.3.0", "16.2.0", "16.1.1", "16.1.0", "16.0.0", "15.5.0", "15.4.0", "15.3.0", "15.2.1", "15.2.0", "15.1.0", "15.0.0", "14.0.2", "14.0.1", "14.0.0", "13.2.0", "13.1.0", "13.0.0", "12.3.0", "12.2.0", "12.1.0", "12.0.0", "11.1.0", "11.0.0", "10.2.0", "10.1.0", "10.0.0", "9.0.0", "8.2.0", "8.1.0", "8.0.1", "8.0.0", "2.5.0", "2.4.0", "2.1.0", "1.2.0", "1.1.1", "1.1.0", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.1"]

Recommendation: Update to version 25.5.0.

HTTP Request Smuggling in Twisted

Published date: 2020-03-31T15:40:12Z

CVE: CVE-2020-10109

Links:

In Twisted Web through 20.3.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.

Recommendation: Update to version 25.5.0.

109 Other Versions

Version	License	Security	Released
17.9.0rc1	MIT	3	2017-09-04 - 08:41	over 8 years
17.5.0	MIT	3	2017-06-11 - 01:11	almost 9 years
17.1.0	MIT	3	2017-02-11 - 09:59	about 9 years
17.1.0rc1	MIT	3	2017-01-28 - 11:34	about 9 years
16.7.0rc2	MIT	3	2017-01-12 - 09:05	about 9 years
16.7.0rc1	MIT	3	2016-12-23 - 03:24	over 9 years
16.6.0	MIT	3	2016-11-25 - 19:54	over 9 years
16.6.0rc1	MIT	3	2016-11-10 - 04:50	over 9 years
16.5.0	MIT	3	2016-10-29 - 05:48	over 9 years
16.5.0rc2	MIT	3	2016-10-23 - 04:18	over 9 years
16.5.0rc1	MIT	3	2016-10-10 - 11:05	over 9 years
16.4.1	MIT	3	2016-09-14 - 17:37	over 9 years
16.4.0	MIT	3	2016-08-28 - 01:14	over 9 years
16.3.2	MIT	3	2016-08-19 - 06:38	over 9 years
16.3.1	MIT	3	2016-08-16 - 01:38	over 9 years
16.3.0	MIT	3	2016-07-06 - 12:06	almost 10 years
16.2.0	MIT	3	2016-05-18 - 08:09	almost 10 years
16.1.1	MIT	3	2016-04-11 - 02:55	almost 10 years
16.1.0	MIT	3	2016-04-04 - 07:23	about 10 years
16.0.0	MIT	3	2016-03-15 - 05:48	about 10 years
15.5.0	MIT	3	2015-11-29 - 04:39	over 10 years
15.4.0	MIT	3	2015-09-04 - 07:39	over 10 years
15.3.0	MIT	3	2015-08-04 - 06:38	over 10 years
15.2.1	MIT	3	2015-05-24 - 12:14	almost 11 years
15.2.0	MIT	3	2015-05-19 - 05:46	almost 11 years
15.1.0	MIT	3	2015-04-13 - 08:00	almost 11 years
15.0.0	MIT	3	2015-01-30 - 06:38	about 11 years
14.0.2	MIT	3	2014-09-18 - 14:10	over 11 years
14.0.1	MIT	3	2014-09-17 - 11:33	over 11 years
14.0.0	MIT	3	2014-05-12 - 10:51	almost 12 years
13.2.0	MIT	3	2013-11-08 - 16:20	over 12 years
13.1.0	MIT	3	2013-11-08 - 16:13	over 12 years
13.0.0	MIT	3	2013-04-04 - 10:13	about 13 years
12.3.0	MIT	3	2012-12-26 - 12:47	over 13 years
12.2.0	MIT	3	2012-09-01 - 07:20	over 13 years
12.1.0	MIT	3	2012-06-05 - 12:04	almost 14 years
12.0.0	MIT	3	2012-02-11 - 14:12	about 14 years
11.1.0	MIT	3	2011-11-17 - 17:36	over 14 years
11.0.0	MIT	2	2011-06-10 - 04:46	almost 15 years
10.2.0	MIT	2	2010-11-30 - 06:32	over 15 years
10.1.0	MIT	2	2010-07-04 - 17:14	almost 16 years
10.0.0	MIT	2	2010-03-05 - 22:13	about 16 years
9.0.0	MIT	2	2010-03-05 - 22:21	about 16 years
8.2.0	MIT	2	1970-01-01 - 00:00	over 56 years
8.1.0	MIT	2	1970-01-01 - 00:00	over 56 years
8.0.1	MIT	2	1970-01-01 - 00:00	over 56 years
8.0.0	MIT	2	1970-01-01 - 00:00	over 56 years
2.5.0	MIT	2	1970-01-01 - 00:00	over 56 years
2.4.0	MIT	2	1970-01-01 - 00:00	over 56 years
2.1.0	MIT	2	2005-10-11 - 15:44	over 20 years