PYSEC-2019-128

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/twisted/PYSEC-2019-128.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2019-128

Aliases

Published

2019-06-10T12:29:00Z

Modified

2023-11-01T04:50:19.006817Z

Summary

[none]

Details

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

References

Affected packages

PyPI / twisted

Package

Name: twisted; View open source insights on deps.dev
Purl: pkg:pypi/twisted

Affected ranges

Type: GIT
Repo: https://github.com/twisted/twisted
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

19.2.1

Affected versions

1.*

1.0.1

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1.0

1.1.1

1.2.0

2.*

2.1.0

2.4.0

2.5.0

8.*

8.0.0

8.0.1

8.1.0

8.2.0

9.*

9.0.0

10.*

10.0.0

10.1.0

10.2.0

11.*

11.0.0

11.1.0

12.*

12.0.0

12.1.0

12.2.0

12.3.0

13.*

13.0.0

13.1.0

13.2.0

14.*

14.0.0

14.0.1

14.0.2

15.*

15.0.0

15.1.0

15.2.0

15.2.1

15.3.0

15.4.0

15.5.0

16.*

16.0.0

16.1.0

16.1.1

16.2.0

16.3.0

16.3.1

16.3.2

16.4.0

16.4.1

16.5.0rc1

16.5.0rc2

16.5.0

16.6.0rc1

16.6.0

16.7.0rc1

16.7.0rc2

17.*

17.1.0rc1

17.1.0

17.5.0

17.9.0rc1

17.9.0

18.*

18.4.0rc1

18.4.0

18.7.0rc1

18.7.0rc2

18.7.0

18.9.0rc1

18.9.0

19.*

19.2.0rc1

19.2.0rc2

19.2.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/twisted/PYSEC-2019-128.yaml"