CVE-2024-41671

Name
CVE-2024-41671
Description
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7
MISC https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
MISC https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc

Match rules

CPE URI Source package Min version Max version
twisted >= 0 <= 24.3.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status