Описание
Security update for python-Twisted
This update for python-Twisted fixes the following issues:
- CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order (bsc#1228549)
- CVE-2024-41810: Fixed reflected XSS via HTML injection in redirect response (bsc#1228552)
Список пакетов
Image SLES15-SP3-BYOS-Azure
Image SLES15-SP3-HPC-BYOS-Azure
Image SLES15-SP3-SAP-BYOS-Azure
Image SLES15-SP3-SAPCAL-Azure
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
Ссылки
- Link for SUSE-SU-2024:2757-1
- E-Mail link for SUSE-SU-2024:2757-1
- SUSE Security Ratings
- SUSE Bug 1228549
- SUSE Bug 1228552
- SUSE CVE CVE-2024-41671 page
- SUSE CVE CVE-2024-41810 page
Описание
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.
Затронутые продукты
Ссылки
- CVE-2024-41671
- SUSE Bug 1228549
Описание
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
Затронутые продукты
Ссылки
- CVE-2024-41810
- SUSE Bug 1228552