twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twited.web.RedirectAgent
and twisted.web. BrowserLikeRedirectAgent
functions. Users are advised to upgrade. There are no known workarounds.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-twisted-bin-dbg": "17.9.0-2ubuntu0.3", "python-twisted-bin": "17.9.0-2ubuntu0.3", "python-twisted-words": "17.9.0-2ubuntu0.3", "python-twisted-web": "17.9.0-2ubuntu0.3", "python3-twisted": "17.9.0-2ubuntu0.3", "python-twisted-conch": "1:17.9.0-2ubuntu0.3", "python-twisted": "17.9.0-2ubuntu0.3", "python-twisted-news": "17.9.0-2ubuntu0.3", "python-twisted-runner-dbg": "17.9.0-2ubuntu0.3", "twisted-doc": "17.9.0-2ubuntu0.3", "python-twisted-names": "17.9.0-2ubuntu0.3", "python-twisted-mail": "17.9.0-2ubuntu0.3", "python3-twisted-bin": "17.9.0-2ubuntu0.3", "python-twisted-core": "17.9.0-2ubuntu0.3", "python3-twisted-bin-dbg": "17.9.0-2ubuntu0.3", "python-twisted-runner": "17.9.0-2ubuntu0.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python3-twisted-bin-dbg": "18.9.0-11ubuntu0.20.04.2", "twisted-doc": "18.9.0-11ubuntu0.20.04.2", "python3-twisted": "18.9.0-11ubuntu0.20.04.2", "python3-twisted-bin": "18.9.0-11ubuntu0.20.04.2" } ] }