24.11.0
19 years ago
4 months ago
Known vulnerabilities in the twisted package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to HTTP Response Smuggling. When sending multiple HTTP/1.1 requests in one TCP segment, twisted.web does not guarantee the response order. An attacker in control of an endpoint can manipulate a different user's second response to a pipelined chunked request by delaying the response to their own request. Information disclosure across sessions may also be possible for reverse proxy servers using pooled connections. How to fix HTTP Response Smuggling? Upgrade | [16.3.0,24.7.0rc1) |
Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when the victim is using Firefox, due to an unescaped URL in the How to fix Cross-site Scripting (XSS)? Upgrade | [,24.7.0rc1) |
Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to HTTP Response Smuggling. When sending multiple HTTP/1.1 requests in one TCP segment, twisted.web does not guarantee the response order. An attacker in control of an endpoint can manipulate a different user's second response to a pipelined chunked request by delaying the response to their own request. How to fix HTTP Response Smuggling? Upgrade | [16.3.0,23.10.0rc1) |