Description
Twisted CRLF Injection
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-12387
- https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
- https://github.com/advisories/GHSA-6cc5-2vg4-cc7m
- https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-128.yaml
- https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N
- https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html
- https://usn.ubuntu.com/4308-1
- https://usn.ubuntu.com/4308-2
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html
Packages
twisted
< 19.2.1
19.2.1
EPSS
CVSS4: 5.3 Medium
CVSS3: 6.1 Medium
CVE ID
Weaknesses