Описание
Security update for python-Twisted
This update for python-Twisted fixes the following issues:
- CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order (bsc#1228549)
- CVE-2024-41810: Fixed reflected XSS via HTML injection in redirect response (bsc#1228552)
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 12
Ссылки
- Link for SUSE-SU-2024:2732-1
- E-Mail link for SUSE-SU-2024:2732-1
- SUSE Security Ratings
- SUSE Bug 1228549
- SUSE Bug 1228552
- SUSE CVE CVE-2024-41671 page
- SUSE CVE CVE-2024-41810 page
Описание
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.
Затронутые продукты
Ссылки
- CVE-2024-41671
- SUSE Bug 1228549
Описание
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
Затронутые продукты
Ссылки
- CVE-2024-41810
- SUSE Bug 1228552