10 matches found
Astra Linux - vulnerability in twisted
In words.protocols.jabber.xmlstream in Twisted through version 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to intercept connections...
Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
...
USN-6988-1 twisted vulnerabilities
Ben Kallus discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. CVE-2024-41671 It was discovered that Twisted did not properl...
twisted.web has disordered HTTP pipeline response
Summary The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. PoC 0. Start a fresh Debian container: sh docker run --workdir /repro --rm -it debian:bookworm-slim 1. Install twisted and its dependencies...
USN-5576-1 twisted vulnerability
It was discovered that Twisted incorrectly parsed some types of HTTP requests in its web server implementation. In certain proxy or multi-server configurations, a remote attacker could craft malicious HTTP requests in order to obtain sensitive information...
Denial of Service (DoS)
Overview Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Denial of Service (DoS) by accepting an infinite amount of data for the peer's SSH version identifier. It is possible to be exploited via SSH transpor...
Splash has a denial of service vulnerability
Splash is a JavaScript rendering service, a lightweight browser with an HTTP API, and it interfaces with the Twisted and QT libraries in Python. A denial of service vulnerability exists in Splash. An attacker can exploit this vulnerability to cause the program to crash...
Critical: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container
Red Hat Ansible Tower 3.5.6-1 - RHEL7 Container Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Tower's websocket interface CVE-2020-10698 Fixed OAuth2 refresh tokens to properly respect custom expiration settings CVE-2020-10709...
Critical: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Tower's websocket interface...
PYSEC-2019-128
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...