Products
Twisted
- before 24.7.0rc1
Source
security-advisories@github.com
Tags
CVE-2024-41671 details
Published : July 29, 2024, 3:15 p.m.
Last Modified : July 29, 2024, 4:21 p.m.
Last Modified : July 29, 2024, 4:21 p.m.
Description
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.3 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
8.3
Exploitability Score
3.9
Impact Score
3.7
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
References
| URL | Source |
|---|---|
| https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 | security-advisories@github.com |
| https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc | security-advisories@github.com |
| https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7 | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.