2 matches found
MGASA-2023-0061 Updated python-twisted packages fix security vulnerability
When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. CVE-2022-39348...
MGASA-2020-0428 Updated python-twisted packages fix security vulnerabilities
Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks CVE-2020-10108, CVE-2020-10109...