twisted is vulnerable to HTTP request splitting. The vulnerability exists as requests with both Content-Length and Transfer-Encoding headers would have honored the first header.This vulnerability is similar to CVE-2020-10108.

CPENameOperatorVersion
twistedle19.10.0
py3-twisted:edgeeq19.10.0-r0
twistedle19.10.0
py3-twisted:edgeeq19.10.0-r0

Name	Operator	Version
twisted	le	19.10.0
py3-twisted:edge	eq	19.10.0-r0
twisted	le	19.10.0
py3-twisted:edge	eq	19.10.0-r0

References

bugzilla.redhat.com/show_bug.cgi?id=1813449

github.com/advisories/GHSA-p5xh-vx83-mxcj

github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281

know.bishopfox.com/advisories

know.bishopfox.com/advisories/twisted-version-19.10.0

lists.debian.org/debian-lts-announce/2022/02/msg00021.html

lists.fedoraproject.org/archives/list/[email protected]/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/

lists.fedoraproject.org/archives/list/[email protected]/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/

security.gentoo.org/glsa/202007-24

usn.ubuntu.com/4308-1/

usn.ubuntu.com/4308-2/

nessus 25

fedora 2

debian 3

openvas 12

centos 2

redhat 2

oraclelinux 3

ubuntucve 2

mageia 1

gentoo 1

amazon 2

photon 6

osv 8

ubuntu 2

debiancve 2

veracode 1

cvelist 2

cbl_mariner 4

redhatcve 2

alpinelinux 2

nvd 2

suse 1

prion 2

github 2

cve 2

freebsd 1

oracle 1

nessus

Fedora 31 : python-twisted (2020-16dc0da400)

2020-03-26 00:00:00

CentOS 7 : python-twisted-web (CESA-2020:1561)

2020-05-01 00:00:00

Debian DLA-2145-2 : twisted security update

2020-03-18 00:00:00

fedora

[SECURITY] Fedora 31 Update: python-twisted-19.2.1-6.fc31

2020-03-26 01:20:38

[SECURITY] Fedora 32 Update: python-twisted-19.10.0-2.fc32

2020-03-25 16:17:24

debian

[SECURITY] [DLA 2145-1] twisted security update

2020-03-17 18:03:22

[SECURITY] [DLA 2145-2] twisted security update

2020-03-19 17:13:20

[SECURITY] [DLA 2927-1] twisted security update

2022-02-19 16:30:59

openvas

CentOS: Security Advisory for python-twisted-web (CESA-2020:1561)

2020-05-01 00:00:00

Mageia: Security Advisory (MGASA-2020-0428)

2022-01-28 00:00:00

Debian: Security Advisory (DLA-2145-1)

2020-03-18 00:00:00

centos

python security update

2020-04-30 19:55:14

python security update

2020-04-30 19:58:15

redhat

(RHSA-2020:1561) Important: python-twisted-web security update

2020-04-23 13:32:32

(RHSA-2020:1962) Important: python-twisted-web security update

2020-04-29 08:51:32

oraclelinux

python-twisted-web security update

2020-04-23 00:00:00

python-twisted-web security update

2020-04-29 00:00:00

ol-automation-manager security update

2022-04-27 00:00:00

ubuntucve

CVE-2020-10109

2020-03-12 00:00:00

CVE-2020-10108

2020-03-12 00:00:00

mageia

Updated python-twisted packages fix security vulnerabilities

2020-11-21 15:21:00

gentoo

Twisted: Access restriction bypasses

2020-07-27 00:00:00

amazon

Important: python-twisted-web

2020-05-19 18:32:00

Important: python-twisted-web

2020-05-22 20:57:00

photon

Critical Photon OS Security Update - PHSA-2020-0109

2020-07-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0259

2020-07-03 00:00:00

Critical Photon OS Security Update - PHSA-2020-3.0-0109

2020-07-03 00:00:00

osv

twisted - security update

2020-03-17 00:00:00

twisted - security update

2022-02-19 00:00:00

Improper Input Validation in Twisted

2020-03-31 15:42:42

ubuntu

Twisted vulnerabilities

2020-03-30 00:00:00

Twisted vulnerabilities

2020-03-19 00:00:00

debiancve

CVE-2020-10108

2020-03-12 13:15:12

CVE-2020-10109

2020-03-12 13:15:12

veracode

HTTP Request Smuggling

2020-03-13 04:28:16

cvelist

CVE-2020-10108

2020-03-12 12:42:33

CVE-2020-10109

2020-03-12 12:40:05

cbl_mariner

CVE-2020-10108 affecting package python-twisted 19.2.1-5

2021-08-11 06:39:26

CVE-2020-10109 affecting package python-twisted for versions less than 22.2.0-1

2022-04-14 19:39:45

CVE-2020-10108 affecting package python-twisted for versions less than 22.2.0-1

2022-04-14 19:39:45

redhatcve

CVE-2020-10108

2020-03-13 20:10:57

CVE-2020-10109

2020-03-13 20:10:57

alpinelinux

CVE-2020-10108

2020-03-12 13:15:12

CVE-2020-10109

2020-03-12 13:15:12

nvd

CVE-2020-10109

2020-03-12 13:15:12

CVE-2020-10108

2020-03-12 13:15:12

suse

Security update for python-Twisted (important)

2022-08-16 00:00:00

prion

Cross site request forgery (csrf)

2020-03-12 13:15:00

Cross site request forgery (csrf)

2020-03-12 13:15:00

github

HTTP Request Smuggling in Twisted

2020-03-31 15:40:12

Improper Input Validation in Twisted

2020-03-31 15:42:42

cve

CVE-2020-10108

2020-03-12 13:15:12

CVE-2020-10109

2020-03-12 13:15:12

freebsd

py-twisted -- multiple vulnerabilities

2019-03-01 00:00:00

oracle

Oracle Critical Patch Update Advisory - October 2020

2020-10-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.01 Low

EPSS

Percentile

83.6%

JSON

Related for VERACODE:22712