python-Twisted (SUSE:OpenStack Cloud 8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 8 package python-Twisted, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2020-10108 — CVSS 9.8 (critical): In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it…
CVE-2020-10109 — CVSS 9.8 (critical): In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked…
CVE-2022-24801 — CVSS 8.1 (high): Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1…
CVE-2022-21712 — CVSS 7.5 (high): twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when…
CVE-2022-21716 — CVSS 7.5 (high): Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server…
CVE-2019-12855 — CVSS 7.4 (high): In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an…
CVE-2019-12387 — CVSS 6.1 (medium): In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters…
CVE-2022-39348 — CVSS 5.4 (medium): Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured…