CVE-2019-12387

Опубликовано: 10 июн. 2019

Источник: debian

Описание

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
twisted	fixed	18.9.0-7		package
twisted	fixed	18.9.0-3+deb10u1	buster	package
twisted	no-dsa		stretch	package
twisted	no-dsa		jessie	package

Примечания

https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2

Связанные уязвимости

CVE-2019-12387

CVSS3: 6.1

ubuntu

больше 6 лет назад

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

CVE-2019-12387

CVSS3: 6.5

redhat

больше 6 лет назад

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

CVE-2019-12387

CVSS3: 6.1

nvd

больше 6 лет назад

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

openSUSE-SU-2019:1760-1

suse-cvrf

больше 6 лет назад

Security update for python-Twisted

SUSE-SU-2019:2066-1

suse-cvrf

больше 6 лет назад

Security update for python-Twisted