Description
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL, this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 24.7.0-2 |
| esm-infra-legacy/trusty | released | 13.2.0-1ubuntu1.2+esm3 |
| esm-infra/bionic | released | 17.9.0-2ubuntu0.3+esm1 |
| esm-infra/focal | released | 18.9.0-11ubuntu0.20.04.4 |
| esm-infra/xenial | released | 16.0.0-1ubuntu0.4+esm2 |
| focal | released | 18.9.0-11ubuntu0.20.04.4 |
| jammy | released | 22.1.0-2ubuntu2.5 |
| noble | released | 24.3.0-1ubuntu0.1 |
| oracular | not-affected | 24.7.0-2 |
| trusty/esm | released | 13.2.0-1ubuntu1.2+esm3 |
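For an application that passes a request-supplied URL to `twisted.web.util.redirectTo` and cannot yet move to a fixed release, the redirect target can be validated before it reaches the function. The following is an added example, not code from Twisted or from this advisory; `ALLOWED_HOSTS`, `FALLBACK`, `safe_redirect_target` and `redirect_body` are hypothetical names, and `redirect_body` is a simplified stand-in for an HTML redirect body, not Twisted's implementation.

```python
import html
from urllib.parse import urlsplit

# Assumption: hosts this application may redirect to (constructed value).
ALLOWED_HOSTS = {"app.example.com"}
# Assumption: where to send the user when the requested target is rejected.
FALLBACK = b"/"


def safe_redirect_target(url: bytes, allowed_hosts=ALLOWED_HOSTS) -> bytes:
    """Return url unchanged if it is an acceptable redirect target, else FALLBACK."""
    try:
        text = url.decode("ascii")
    except UnicodeDecodeError:
        return FALLBACK
    # Reject HTML metacharacters, backslashes, whitespace and control characters,
    # none of which belong in a well-formed, already percent-encoded URL.
    if any(c in "<>\"'`\\" or ord(c) <= 0x20 or ord(c) == 0x7F for c in text):
        return FALLBACK
    try:
        parts = urlsplit(text)
    except ValueError:
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Same-site path: must be absolute and must not be scheme-relative ("//host").
        ok = text.startswith("/") and not text.startswith("//")
        return url if ok else FALLBACK
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return url
    return FALLBACK


def redirect_body(url: bytes) -> bytes:
    """Simplified model of an HTML redirect body with the URL HTML-escaped."""
    escaped = html.escape(url.decode("utf-8", "replace"), quote=True).encode("utf-8")
    return b'<html><body><a href="%s">click here</a></body></html>' % escaped


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in (b"/account?tab=1", b"https://app.example.com/home",
                      b"//other.example/x", b'/x"><b>injected</b>'):
        print(candidate, "->", safe_redirect_target(candidate))
```

In a resource's render method the call then becomes `redirectTo(safe_redirect_target(target), request)`, which also limits open redirects to the allowlisted hosts.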
CVSS3: 6.1 Medium
Related vulnerabilities
Twisted vulnerable to HTML injection in HTTP redirect body