CVE-2024-41671

2024-07-2915:15:15

Debian Security Bug Tracker

security-tracker.debian.org

twisted framework

event-based

internet applications

support

cve-2024-41671

unix

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

AI Score

8.1

Confidence

High

EPSS

Percentile

16.2%

JSON

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.

OSVersionArchitecturePackageVersionFilename
Debian12alltwisted<= 22.4.0-4twisted_22.4.0-4_all.deb
Debian11alltwisted<= 20.3.0-7+deb11u1twisted_20.3.0-7+deb11u1_all.deb
Debian999alltwisted< 24.7.0-1twisted_24.7.0-1_all.deb
Debian13alltwisted<= 24.3.0-3twisted_24.3.0-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	twisted	<= 22.4.0-4	twisted_22.4.0-4_all.deb
Debian	11	all	twisted	<= 20.3.0-7+deb11u1	twisted_20.3.0-7+deb11u1_all.deb
Debian	999	all	twisted	< 24.7.0-1	twisted_24.7.0-1_all.deb
Debian	13	all	twisted	<= 24.3.0-3	twisted_24.3.0-3_all.deb