twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
References
Configurations
History
25 Nov 2024, 18:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:* | |
First Time |
Twisted
Twisted twisted |
21 Nov 2024, 06:45
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 - Patch, Third Party Advisory | |
References | () https://github.com/twisted/twisted/releases/tag/twisted-22.1.0 - Release Notes, Third Party Advisory | |
References | () https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx - Third Party Advisory |
18 Nov 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jul 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-200 | |
References |
|
01 Mar 2022, 16:17
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-346 | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html - Mailing List, Third Party Advisory |
19 Feb 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Feb 2022, 15:02
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx - Third Party Advisory | |
References | (MISC) https://github.com/twisted/twisted/releases/tag/twisted-22.1.0 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
07 Feb 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-07 22:15
Updated : 2024-11-25 18:12
NVD link : CVE-2022-21712
Mitre link : CVE-2022-21712
CVE.ORG link : CVE-2022-21712
JSON object : View
Products Affected
debian
- debian_linux
twisted
- twisted
fedoraproject
- fedora