OESA-2024-1013

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1013

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-1013.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2024-1013

Upstream

CVE-2023-46137

Published

2024-01-05T11:06:40Z

Modified

2025-08-12T05:23:01.042237Z

Summary

python-twisted security update

Details

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following:

Security Fix(es):

Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.(CVE-2023-46137)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS / python-twisted

Package

Name: python-twisted
Purl: pkg:rpm/openEuler/python-twisted&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

22.4.0-2.oe2203

Ecosystem specific

{
    "aarch64": [
        "python3-twisted-22.4.0-2.oe2203.aarch64.rpm"
    ],
    "x86_64": [
        "python3-twisted-22.4.0-2.oe2203.x86_64.rpm"
    ],
    "src": [
        "python-twisted-22.4.0-2.oe2203.src.rpm"
    ],
    "noarch": [
        "python-twisted-help-22.4.0-2.oe2203.noarch.rpm"
    ]
}