In Twisted Web through 19.10.0 there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.

🗓️ 30 Jul 2021 07:00:00Reported by MicrosoftType

Twisted Web up to 19.10.0 has HTTP request splitting with content-length overriding chunked.

Reporter	Title	Published	Views	Family All 95
FreeBSD	py-twisted -- multiple vulnerabilities	1 Mar 201900:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : python-twisted-web (ALAS-2020-1428)	21 May 202000:00	–	nessus
Tenable Nessus	CentOS 7 : python-twisted-web (RHSA-2020:1561)	1 May 202000:00	–	nessus
Tenable Nessus	Debian DLA-2145-2 : twisted security update	18 Mar 202000:00	–	nessus
Tenable Nessus	Debian DLA-2927-1 : twisted - LTS security update	19 Feb 202200:00	–	nessus
Tenable Nessus	Fedora 31 : python-twisted (2020-16dc0da400)	26 Mar 202000:00	–	nessus
Tenable Nessus	FreeBSD : py-twisted -- multiple vulnerabilities (9fbaefb3-837e-11ea-b5b4-641c67a117d8) (Ping Flood) (Reset Flood) (Settings Flood)	22 Apr 202000:00	–	nessus
Tenable Nessus	GLSA-202007-24 : Twisted: Access restriction bypasses	27 Jul 202000:00	–	nessus
Tenable Nessus	MiracleLinux 7 : python-twisted-web-12.1.0-7.el7 (AXSA:2020-025:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	NewStart CGSL CORE 5.04 / MAIN 5.04 : python-twisted-web Multiple Vulnerabilities (NS-SA-2020-0078)	11 Dec 202000:00	–	nessus