Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-vg46-2rrj-3647

Опубликовано: 26 окт. 2022
Источник: github
Github: Прошло ревью
CVSS4: 5.1
CVSS3: 5.4

Описание

Twisted vulnerable to NameVirtualHost Host header injection

When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection.

Example configuration:

from twisted.web.server import Site from twisted.web.vhost import NameVirtualHost from twisted.internet import reactor resource = NameVirtualHost() site = Site(resource) reactor.listenTCP(8080, site) reactor.run()

Output:

❯ curl -H"Host:<h1>HELLO THERE</h1>" http://localhost:8080/ <html> <head><title>404 - No Such Resource</title></head> <body> <h1>No Such Resource</h1> <p>host b'<h1>hello there</h1>' not in vhost map</p> </body> </html>

This vulnerability was introduced in f49041bb67792506d85aeda9cf6157e92f8048f4 and first appeared in the 0.9.4 release.

Ссылки

Пакеты

Наименование

Twisted

pip
Затронутые версииВерсия исправления

>= 0.9.4, < 22.10.0rc1

22.10.0rc1

EPSS

Процентиль: 78%
0.01178
Низкий

5.1 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

CVE-2022-39348

Дефекты

CWE-79
CWE-80

Связанные уязвимости

ubuntu логотип

CVE-2022-39348

CVSS3: 5.4
ubuntu
около 3 лет назад

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.

redhat логотип

CVE-2022-39348

CVSS3: 5.4
redhat
около 3 лет назад

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.

nvd логотип

CVE-2022-39348

CVSS3: 5.4
nvd
около 3 лет назад

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.

msrc логотип

CVE-2022-39348

CVSS3: 5.4
msrc
около 3 лет назад

Twisted vulnerable to NameVirtualHost Host header injection

debian логотип

CVE-2022-39348

CVSS3: 5.4
debian
около 3 лет назад

Twisted is an event-based framework for internet applications. Started ...

EPSS

Процентиль: 78%
0.01178
Низкий

5.1 Medium

CVSS4

5.4 Medium

CVSS3

CVE ID

CVE-2022-39348

Дефекты

CWE-79
CWE-80