MGASA-2023-0061
- Source
- https://advisories.mageia.org/MGASA-2023-0061.html
- Import Source
- https://advisories.mageia.org/MGASA-2023-0061.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2023-0061
- Related
- Published
- 2023-02-27T20:27:16Z
- Modified
- 2023-02-27T19:40:54Z
- Summary
- Updated python-twisted packages fix security vulnerability
- Details
-
When the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. (CVE-2022-39348)
- References
-
- https://advisories.mageia.org/MGASA-2023-0061.html
- https://bugs.mageia.org/show_bug.cgi?id=31140
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012932.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3MV43ZXUEM77YQ3H54TPOKIVOOABGJKI/
- https://www.debian.org/lts/security/2022/dla-3212
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / python-twisted
Package
- Name
- python-twisted
- Purl
- pkg:rpm/mageia/python-twisted?distro=mageia-8