Lucene search

K
osvGoogleOSV:GHSA-92X2-JW7W-XVVX
HistoryFeb 07, 2022 - 10:36 p.m.

Cookie and header exposure in twisted

2022-02-0722:36:00
Google
osv.dev
14
twisted
web client
security vulnerability
cross-origin
cookies
authorization headers

EPSS

0.005

Percentile

77.0%

Impact

Cookie and Authorization headers are leaked when following cross-origin redirects in twited.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent.