Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2023-130)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-130 advisory. Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResourc...

Updated python-twisted packages fix security vulnerability

When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. CVE-2022-39348...

Twisted vulnerable to NameVirtualHost Host header injection

When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. Example configuration: python from twisted.web.server import Site from...

GHSA-VG46-2RRJ-3647 Twisted vulnerable to NameVirtualHost Host header injection

When the host header does not match a configured host, twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. Example configuration: python from twisted.web.server import Site from...

Code injection

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...

Twisted 跨站脚本漏洞

Twisted is an event-driven open source web engine written in Python. A security vulnerability exists in Twisted versions 0.9.4 through 22.10.0rc1, which stems from the fact that when the host header does not match the configured host, "twisted.web.vhost. "NoResource" resource that unescapes the...

CVE-2022-39348 Twisted vulnerable to NameVirtualHost Host header injection

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and scri...