Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-39348

Опубликовано: 26 окт. 2022
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS3: 5.4

Описание

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

not-affected

22.4.0-4
esm-infra-legacy/trusty

needed

esm-infra/bionic

needed

esm-infra/focal

released

18.9.0-11ubuntu0.20.04.3
esm-infra/xenial

needs-triage

focal

released

18.9.0-11ubuntu0.20.04.3
jammy

released

22.1.0-2ubuntu2.4
kinetic

ignored

end of life, was needed
lunar

not-affected

22.4.0-4

Показывать по

Ссылки на источники

EPSS

Процентиль: 78%
0.01178
Низкий

5.4 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-39348

CVSS3: 5.4
redhat
около 3 лет назад

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.

nvd логотип

CVE-2022-39348

CVSS3: 5.4
nvd
около 3 лет назад

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.

msrc логотип

CVE-2022-39348

CVSS3: 5.4
msrc
около 3 лет назад

Twisted vulnerable to NameVirtualHost Host header injection

debian логотип

CVE-2022-39348

CVSS3: 5.4
debian
около 3 лет назад

Twisted is an event-based framework for internet applications. Started ...

suse-cvrf логотип

SUSE-SU-2022:4057-1

suse-cvrf
около 3 лет назад

Security update for python-Twisted

EPSS

Процентиль: 78%
0.01178
Низкий

5.4 Medium

CVSS3