Twisted Security Vulnerabilities

CVE-2022-21712

Twisted is an event-driven networking engine written in Python. In affected versions, Twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twisted.web.RedirectAgent and twisted.web.BrowserLikeRedirectAgent functions. Users are advised ...

7.5 CVSS

7.2 AI Score

0.005 EPSS

2022-02-07 10:15 PM

CVE-2022-21716

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach i...

7.5 CVSS

7.4 AI Score

0.004 EPSS

2022-03-03 09:15 PM

CVE-2022-24801

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing c...

8.1 CVSS

8.2 AI Score

0.007 EPSS

2022-04-04 06:15 PM

CVE-2022-39348

Twisted is an event-based framework for internet applications. Starting with version 0.9.4, when the Host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script...

5.4 CVSS

5.5 AI Score

0.002 EPSS

2022-10-26 08:15 PM

CVE-2023-46137

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the ...

5.3 CVSS

5 AI Score

0.001 EPSS

2023-10-25 09:15 PM

CVE-2024-41671

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.

8.3 CVSS

8 AI Score

0.0004 EPSS

2024-07-29 03:15 PM

CVE-2024-41810

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL, this vulnerability may result in Reflected Cross-Site Scriptin...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2024-07-29 04:15 PM