Описание
Security update for python3-Twisted
This update for python3-Twisted fixes the following issues:
- CVE-2024-41671: Fixed HTTP pipelined requests processed out of order in twisted.web (bsc#1228549)
- CVE-2024-41810: Fixed reflected XSS via HTML Injection in Redirect Response (bsc#1228552)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise Module for Server Applications 15 SP5
SUSE Linux Enterprise Module for Server Applications 15 SP6
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.5
Ссылки
- Link for SUSE-SU-2024:2860-1
- E-Mail link for SUSE-SU-2024:2860-1
- SUSE Security Ratings
- SUSE Bug 1228549
- SUSE Bug 1228552
- SUSE CVE CVE-2024-41671 page
- SUSE CVE CVE-2024-41810 page
Описание
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.
Затронутые продукты
Ссылки
- CVE-2024-41671
- SUSE Bug 1228549
Описание
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
Затронутые продукты
Ссылки
- CVE-2024-41810
- SUSE Bug 1228552