Cookie and Authorization headers are leaked when following cross-origin redirects in twited.web.client.RedirectAgent
and twisted.web.client.BrowserLikeRedirectAgent
.
github.com/twisted/twisted
github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2
github.com/twisted/twisted/releases/tag/twisted-22.1.0
github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
lists.debian.org/debian-lts-announce/2022/02/msg00021.html
lists.fedoraproject.org/archives/list/[email protected]/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
lists.fedoraproject.org/archives/list/[email protected]/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
nvd.nist.gov/vuln/detail/CVE-2022-21712
security.gentoo.org/glsa/202301-02