Lucene search
UbuntuUSN-6575-1HistoryJan 10, 2024 - 12:00 a.m.
Twisted vulnerabilities
2024-01-1000:00:00
ubuntu.com
19
twisted
ubuntu
html injection
script injection
response manipulation
cve-2022-39348
cve-2023-46137
Releases
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- twisted - Event-based framework for internet applications
Details
It was discovered that Twisted incorrectly escaped host headers in certain
404 responses. A remote attacker could possibly use this issue to perform
HTML and script injection attacks. This issue only affected Ubuntu 20.04
LTS and Ubuntu 22.04 LTS. (CVE-2022-39348)
It was discovered that Twisted incorrectly handled response order when
processing multiple HTTP requests. A remote attacker could possibly use
this issue to delay responses and manipulate the responses of second
requests. (CVE-2023-46137)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.10 | noarch | python3-twisted | < 22.4.0-4ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | twisted-doc | < 22.4.0-4ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.04 | noarch | python3-twisted | < 22.4.0-4ubuntu0.23.04.1 | UNKNOWN |
| Ubuntu | 23.04 | noarch | twisted-doc | < 22.4.0-4ubuntu0.23.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-twisted | < 22.1.0-2ubuntu2.4 | UNKNOWN |
| Ubuntu | 22.04 | noarch | twisted-doc | < 22.1.0-2ubuntu2.4 | UNKNOWN |
| Ubuntu | 20.04 | noarch | python3-twisted | < 18.9.0-11ubuntu0.20.04.3 | UNKNOWN |
| Ubuntu | 20.04 | noarch | python3-twisted-bin | < 18.9.0-11ubuntu0.20.04.3 | UNKNOWN |
| Ubuntu | 20.04 | noarch | python3-twisted-bin-dbg | < 18.9.0-11ubuntu0.20.04.3 | UNKNOWN |
| Ubuntu | 20.04 | noarch | twisted-doc | < 18.9.0-11ubuntu0.20.04.3 | UNKNOWN |
Related
osv
osv
twisted vulnerabilities
2024-01-10 13:39:55
twisted.web has disordered HTTP pipeline response
2023-10-25 21:15:13
PYSEC-2023-224
2023-10-25 21:15:00
openvas
openvas
Ubuntu: Security Advisory (USN-6575-1)
2024-01-11 00:00:00
openSUSE: Security Advisory for python (SUSE-SU-2023:4490-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for python (SUSE-SU-2023:4608-1)
2024-03-04 00:00:00
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Twisted vulnerabilities (USN-6575-1)
2024-01-10 00:00:00
RHEL 8 : Red Hat OpenStack Platform 16.1.9 (python-twisted) (RHSA-2024:1516)
2024-03-26 00:00:00
SUSE SLES15 Security Update : python-Twisted (SUSE-SU-2023:4830-1)
2023-12-15 00:00:00
redhatcve
redhatcve
CVE-2023-46137
2023-10-26 15:59:37
CVE-2022-39348
2022-11-02 14:26:24
veracode
veracode
HTTP Request Smuggling
2023-10-26 07:40:15
Cross-Site Scripting (XSS)
2022-10-27 06:16:55
cvelist
cvelist
CVE-2023-46137 twisted.web has disordered HTTP pipeline response
2023-10-25 20:56:27
CVE-2022-39348 Twisted vulnerable to NameVirtualHost Host header injection
2022-10-26 00:00:00
ibm
ibm
github
github
twisted.web has disordered HTTP pipeline response
2023-10-25 21:15:13
Twisted vulnerable to NameVirtualHost Host header injection
2022-10-26 22:08:39
redhat
redhat
prion
prion
Code injection
2022-10-26 20:15:00
Design/Logic Flaw
2023-10-25 21:15:00
ubuntucve
ubuntucve
CVE-2023-46137
2023-10-25 00:00:00
CVE-2022-39348
2022-10-26 00:00:00
cve
cve
CVE-2023-46137
2023-10-25 21:15:10
CVE-2022-39348
2022-10-26 20:15:00
debiancve
debiancve
CVE-2023-46137
2023-10-25 21:15:10
CVE-2022-39348
2022-10-26 20:15:00
debian
debian
[SECURITY] [DLA 3212-1] twisted security update
2022-11-28 15:39:08
amazon
amazon
Medium: python-twisted-web
2023-03-30 18:56:00
Important: python-twisted-web
2023-03-30 22:50:00
mageia
mageia
Updated python-twisted packages fix security vulnerability
2023-02-27 23:27:16
cbl_mariner
cbl_mariner
CVE-2022-39348 affecting package python-twisted 20.3.0-4
2024-06-01 15:23:37
CVE-2022-39348 affecting package python-twisted 22.10.0-1
2024-06-01 15:23:42
gentoo
gentoo
Twisted: Multiple Vulnerabilities
2023-01-11 00:00:00