CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence
Low
Twisted is vulnerable to HTTP Request/Response Smuggling. The vulnerability is due to the HTTP 1.0 and 1.1 server provided by twisted.web which can process pipelined HTTP requests out-of-order.
github.com/advisories/GHSA-c8m8-j448-xjx7
github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33#diff-8b5268e87de77cb991bee1adb428d96189314ab58080ea3eb655e3c3ed90a74a
github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc
github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7