AZL-8505

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-8505.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-8505

Upstream

CVE-2022-21712

Published

2022-02-07T22:15:08Z

Modified

2026-04-01T05:23:32.583479Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

CVE-2022-21712 affecting package python-twisted for versions less than 22.2.0-1

Details

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twited.web.RedirectAgent and twisted.web. BrowserLikeRedirectAgent functions. Users are advised to upgrade. There are no known workarounds.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-21712

Affected packages

Azure Linux:2 / python-twisted

Package

Name: python-twisted
Purl: pkg:rpm/azure-linux/python-twisted

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

22.2.0-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-8505.json"