22 matches found
CVE-2026-44546
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...
CVE-2026-44545
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
EUVD-2026-34092
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...
CVE-2026-44546 Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...
CVE-2026-44546
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...
CVE-2026-44546
CVE-2026-44546 affects Daphne (before 4.2.2) in the WebSocket upgrade path. The root cause is a parser differential between Twisted’s parsed headers and Autobahn’s WebSocket handshake processing: Twisted does not treat certain control bytes (0x0b, 0x0c, 0x1c, 0x1d, 0x1e, 0x85) as header separator...
CVE-2026-44545
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
CVE-2026-44545 Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
CVE-2026-44545
CVE-2026-44545 affects daphne prior to 4.2.2, where maxFramePayloadSize and maxMessagePayloadSize were not passed to Autobahn’s WebSocketServerFactory. Autobahn defaults these values to 0 (unlimited), enabling an unauthenticated remote attacker to send arbitrarily large WebSocket messages or fram...
CVE-2026-44545
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
EUVD-2026-34091
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
PT-2026-45941
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...
PT-2026-45940
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update
An update is now available for Red Hat Ansible Automation Platform 2.6. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...
daphne (>=0.14.2 <=0.14.3), ethproxy (>=1.0.0 <=1.0.3) +3 more potentially affected by CVE-2016-1000111 via twisted (>=16.0.0 <=16.2.0)
twisted PYPI version =16.0.0, =0.14.2, =1.0.0, =0.13.2, =2.2.0, =3.2.0 - yabgp =0.5.0 Source cves: CVE-2016-1000111 Source advisory: OSV:GHSA-3GQJ-CMXR-P4X2...
billots (=0.1.1), bitdust (=0.0.2) +49 more potentially affected by CVE-2020-10109 via twisted (>=16.0.0 <=19.7.0)
twisted PYPI version =16.0.0, =0.1.0, =18.4.0, =3.1.0, =1.2.0, =0.14.2, =0.0.3, =2019.5.0, =1.0.0, =1.4.3, =0.1.0, =0.3.4, =0.3.6 and more Source cves: CVE-2020-10109 Source advisory: OSV:GHSA-P5XH-VX83-MXCJ...
daphne (>=0.14.2 <=0.14.3), ethproxy (>=1.0.0 <=1.0.3) +3 more potentially affected by CVE-2016-1000111 via twisted (>=16.0.0 <=16.2.0)
twisted PYPI version =16.0.0, =0.14.2, =1.0.0, =0.13.2, =2.2.0, =3.2.0 - yabgp =0.5.0 Source cves: CVE-2016-1000111 Source advisory: OSV:PYSEC-2020-214...