RHEL 8 : Red Hat OpenStack Platform 16.1.9 (python-twisted) (RHSA-2024:1516)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1516 advisory. Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail...
Synapse: Multiple Vulnerabilities
Background: Synapse is a Matrix homeserver written in Python/Twisted. Description: Multiple vulnerabilities have been discovered in Synapse. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known...
SUSE SLES15 Security Update : python-Twisted (SUSE-SU-2023:4830-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4830-1 advisory. - Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP...
SUSE-SU-2023:4830-1 Security update for python-Twisted
This update for python-Twisted fixes the following issues: - CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. bsc1216588...
SUSE-SU-2023:4608-1 Security update for python-Twisted
This update for python-Twisted fixes the following issues: - CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. bsc1216588...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Twisted (SUSE-SU-2023:4608-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4608-1 advisory. - Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sendin...
SUSE-SU-2023:4490-1 Security update for python-Twisted
This update for python-Twisted fixes the following issues: - CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. bsc1216588...
Medium: python-twisted
Issue Overview: Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by...
[SECURITY] Fedora 38 Update: matrix-synapse-1.95.1-1.fc38
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
AZL-31788 CVE-2023-46137 affecting package python-twisted for versions less than 22.10.0-4
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...
AZL-35140 CVE-2023-46137 affecting package python-twisted for versions less than 22.10.0-4
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...
[SECURITY] Fedora 38 Update: matrix-synapse-1.94.0-2.fc38
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Oracle Linux 7 : python-twisted-web (ELSA-2020-1091)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-1091 advisory. 12.1.0-6 - Fix CVE-2019-12387 HTTP Header Injection Resolves: rhbz1721518 Tenable has extracted the preceding description block directly from the Oracle Linux...
Amazon Linux AMI : python-twisted-web (ALAS-2023-1717)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1717 advisory. A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length...
Amazon Linux 2 : python-twisted-web (ALAS-2023-2008)
The version of python-twisted-web installed on the remote host is prior to 12.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2008 advisory. Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does no...
Important: python-twisted-web
Issue Overview: A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\n and \t' etc. Non-conformant parsing leads to a desync if requests pass...
Important: python-twisted
Issue Overview: A flaw was found in the twisted Python library when WebClient redirects via the RedirectAgent and BrowserLikeRedirectAgent methods. This flaw allows an attacker to take advantage of these cross-origin redirects and leak the cookie and authorization headers. CVE-2022-21712 An...
CBL Mariner 2.0 Security Update: python-twisted (CVE-2022-24801)
The version of python-twisted installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24801 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to...
MGASA-2023-0061 Updated python-twisted packages fix security vulnerability
When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. CVE-2022-39348...
Updated python-twisted packages fix security vulnerability
When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. CVE-2022-39348...