python-Twisted (SUSE:Linux Enterprise Module for Web and Scripting 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Web and Scripting 12 package python-Twisted, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2020-10108 — CVSS 9.8 (critical): In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it…
CVE-2020-10109 — CVSS 9.8 (critical): In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked…
CVE-2024-41671 — CVSS 8.3 (high): Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web…
CVE-2022-24801 — CVSS 8.1 (high): Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1…
CVE-2022-21716 — CVSS 7.5 (high): Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server…
CVE-2022-21712 — CVSS 7.5 (high): twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when…
CVE-2019-12855 — CVSS 7.4 (high): In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an…
CVE-2024-41810 — CVSS 6.1 (medium): Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains…
CVE-2019-12387 — CVSS 6.1 (medium): In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters…
CVE-2022-39348 — CVSS 5.4 (medium): Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured…
CVE-2016-1000111 — CVSS 5.3 (medium): Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI…