
6 matches found

Tenable Nessus
added 2024/08/10 12:0 a.m., 25 views

SUSE SLES15 / openSUSE 15 Security Update : python3-Twisted (SUSE-SU-2024:2860-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2860-1 advisory. - CVE-2024-41671: Fixed HTTP pipelined requests processed out of order in twisted.web bsc1228549 - CVE-2024-41810:...

8.3 CVSS, 6.5 AI score, 0.01109 EPSS
Exploits: 0, References: 7

OSV
added 2024/07/29 4:33 p.m., 18 views

GHSA-C8M8-J448-XJX7 twisted.web has disordered HTTP pipeline response

Summary: The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. PoC: 0. Start a fresh Debian container: docker run --workdir /repro --rm -it debian:bookworm-slim 1. Install twisted and its dependencies...

8.3 CVSS, 8.1 AI score, 0.01755 EPSS
Exploits: 1, References: 7

Cvelist
added 2024/07/29 2:37 p.m., 23 views

CVE-2024-41671 twisted.web has disordered HTTP pipeline response

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...

8.3 CVSS, 0.00856 EPSS
Exploits: 0, References: 3

OSV
added 2023/10/25 9:15 p.m., 37 views

GHSA-XC8X-VP79-P3WM twisted.web has disordered HTTP pipeline response

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

6.9 CVSS, 5.4 AI score, 0.00766 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2023/10/25 8:56 p.m., 18 views

CVE-2023-46137 twisted.web has disordered HTTP pipeline response

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...

5.3 CVSS, 7 AI score, 0.00766 EPSS
Exploits: 1, References: 1

Cvelist
added 2022/04/04 5:25 p.m., 23 views

CVE-2022-24801 HTTP Request Smuggling in twisted.web

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...

8.1 CVSS, 8.5 AI score, 0.02708 EPSS
Exploits: 0, References: 7