GHSA-6cc5-2vg4-cc7m

Source

https://github.com/advisories/GHSA-6cc5-2vg4-cc7m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-6cc5-2vg4-cc7m/GHSA-6cc5-2vg4-cc7m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6cc5-2vg4-cc7m

Aliases

Published

2019-06-10T18:05:06Z

Modified

2024-11-18T22:52:16.754524Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

Twisted CRLF Injection

Details

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

References

Affected packages

PyPI / twisted

Package

Name: twisted; View open source insights on deps.dev
Purl: pkg:pypi/twisted

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

19.2.1

Affected versions

1.*

1.0.1

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1.0

1.1.1

1.2.0

2.*

2.1.0

2.4.0

2.5.0

8.*

8.0.0

8.0.1

8.1.0

8.2.0

9.*

9.0.0

10.*

10.0.0

10.1.0

10.2.0

11.*

11.0.0

11.1.0

12.*

12.0.0

12.1.0

12.2.0

12.3.0

13.*

13.0.0

13.1.0

13.2.0

14.*

14.0.0

14.0.1

14.0.2

15.*

15.0.0

15.1.0

15.2.0

15.2.1

15.3.0

15.4.0

15.5.0

16.*

16.0.0

16.1.0

16.1.1

16.2.0

16.3.0

16.3.1

16.3.2

16.4.0

16.4.1

16.5.0rc1

16.5.0rc2

16.5.0

16.6.0rc1

16.6.0

16.7.0rc1

16.7.0rc2

17.*

17.1.0rc1

17.1.0

17.5.0

17.9.0rc1

17.9.0

18.*

18.4.0rc1

18.4.0

18.7.0rc1

18.7.0rc2

18.7.0

18.9.0rc1

18.9.0

19.*

19.2.0rc1

19.2.0rc2

19.2.0