—
PYSEC-2019-128
Details
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / twisted
Introduced in:
0 Fixed in: 6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2 Fix
pip install --upgrade 'twisted>=6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2' References
- https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html [WEB]
- https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html [WEB]
- https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2 [FIX]
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html [WEB]
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html [WEB]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/ [WEB]
- https://usn.ubuntu.com/4308-1/ [WEB]
- https://usn.ubuntu.com/4308-2/ [WEB]
- https://www.oracle.com/security-alerts/cpuapr2020.html [WEB]
- https://github.com/advisories/GHSA-6cc5-2vg4-cc7m [ADVISORY]