CVE-2023-46137

Опубликовано: 25 окт. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 5.3

Описание

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	released	22.4.0-4ubuntu1
esm-infra-legacy/trusty	needs-triage
esm-infra/bionic	needs-triage
esm-infra/focal	released	18.9.0-11ubuntu0.20.04.3
esm-infra/xenial	needs-triage
focal	released	18.9.0-11ubuntu0.20.04.3
jammy	released	22.1.0-2ubuntu2.4
lunar	released	22.4.0-4ubuntu0.23.04.1
mantic	released	22.4.0-4ubuntu0.23.10.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 70%

0.00645

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2023-46137

CVSS3: 5.3

redhat

около 2 лет назад

CVE-2023-46137

CVSS3: 5.3

nvd

около 2 лет назад

CVE-2023-46137

CVSS3: 5.3

msrc

11 месяцев назад

Описание отсутствует

CVE-2023-46137

CVSS3: 5.3

debian

около 2 лет назад

Twisted is an event-based framework for internet applications. Prior t ...

SUSE-SU-2023:4830-1

suse-cvrf

около 2 лет назад

Security update for python-Twisted

EPSS

Процентиль: 70%

0.00645

Низкий

5.3 Medium

CVSS3

CVE-2023-46137

Описание

Пакет twisted

Ссылки на источники

Связанные уязвимости