Count: 11
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| BDU:2024-07354 Vulnerability in the Twisted networking framework caused by failure to preserve web page structure, allowing an attacker to gain access to confidential data and compromise its integrity | CVSS3: 5.4 | 1% Low | about 3 years ago |
| ROS-20251226-7302 python-twisted vulnerability | CVSS3: 5.4 | 1% Low | 21 days ago |
| CVE-2022-39348 Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. | CVSS3: 5.4 | 1% Low | about 3 years ago |
| CVE-2022-39348 Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. | CVSS3: 5.4 | 1% Low | about 3 years ago |
| CVE-2022-39348 Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds. | CVSS3: 5.4 | 1% Low | about 3 years ago |
| CVE-2022-39348 Twisted vulnerable to NameVirtualHost Host header injection | CVSS3: 5.4 | 1% Low | about 3 years ago |
| CVE-2022-39348 Twisted is an event-based framework for internet applications. Started ... | CVSS3: 5.4 | 1% Low | about 3 years ago |
| SUSE-SU-2022:4057-1 Security update for python-Twisted | | 1% Low | about 3 years ago |
| SUSE-SU-2022:4000-1 Security update for python-Twisted | | 1% Low | about 3 years ago |
| GHSA-vg46-2rrj-3647 Twisted vulnerable to NameVirtualHost Host header injection | CVSS3: 5.4 | 1% Low | about 3 years ago |
| SUSE-SU-2022:4074-1 Security update for python-Twisted | | | about 3 years ago |