Python/Twisted/21.2.0rc1

An asynchronous networking framework written in Python

https://pypi.org/project/Twisted
MIT

1 Security Vulnerabilities

Cookie and header exposure in twisted

Published date: 2022-02-07T22:36:00Z
CVE: CVE-2022-21712
Links:

Impact

Cookie and Authorization headers are leaked when following cross-origin redirects in twited.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent.

Affected versions: ["22.1.0rc1", "21.7.0", "21.7.0rc3", "21.7.0rc2", "21.7.0rc1", "21.2.0", "21.2.0rc1", "20.3.0", "20.3.0rc1", "19.10.0", "19.10.0rc1", "19.7.0", "19.7.0rc1", "19.2.1", "19.2.0", "19.2.0rc2", "19.2.0rc1", "18.9.0", "18.9.0rc1", "18.7.0", "18.7.0rc2", "18.7.0rc1", "18.4.0", "18.4.0rc1", "17.9.0", "17.9.0rc1", "17.5.0", "17.1.0", "17.1.0rc1", "16.7.0rc2", "16.7.0rc1", "16.6.0", "16.6.0rc1", "16.5.0", "16.5.0rc2", "16.5.0rc1", "16.4.1", "16.4.0", "16.3.2", "16.3.1", "16.3.0", "16.2.0", "16.1.1", "16.1.0", "16.0.0", "15.5.0", "15.4.0", "15.3.0", "15.2.1", "15.2.0", "15.1.0", "15.0.0", "14.0.2", "14.0.1", "14.0.0", "13.2.0", "13.1.0", "13.0.0", "12.3.0", "12.2.0", "12.1.0", "12.0.0", "11.1.0"]
Secure versions: [22.1.0, 22.10.0, 22.10.0rc1, 22.2.0, 22.2.0rc1, 22.4.0, 22.4.0rc1, 22.8.0, 22.8.0rc1, 23.10.0, 23.10.0rc1, 23.8.0, 23.8.0rc1, 24.10.0, 24.10.0rc1, 24.11.0, 24.11.0rc1, 24.11.0rc2, 24.2.0rc1, 24.3.0, 24.7.0, 24.7.0rc1, 24.7.0rc2, 25.5.0, 25.5.0rc1]
Recommendation: Update to version 25.5.0.

109 Other Versions

Version License Security Released
1.2.0 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.1.1 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.1.0 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.7 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.6 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.5 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.4 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.3 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
1.0.1 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years