Lucene search

K
osvGoogleOSV:PYSEC-2022-27
HistoryFeb 07, 2022 - 10:15 p.m.

PYSEC-2022-27

2022-02-0722:15:00
Google
osv.dev
25
twisted
event-driven
networking
cookies
authorization
cross-origin
redirects
upgrade
security issue
web

EPSS

0.005

Percentile

77.0%

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twited.web.RedirectAgent and twisted.web. BrowserLikeRedirectAgent functions. Users are advised to upgrade. There are no known workarounds.