Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/twisted@22.4.0
Type pypi
Namespace
Name twisted
Version 22.4.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 26.4.0
Latest_non_vulnerable_version 26.4.0
Affected_by_vulnerabilities
0
url VCID-ap46-rugq-uucz
vulnerability_id VCID-ap46-rugq-uucz
summary Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server. This vulnerability is fixed in 26.4.0rc2.
references
0
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4
fixed_packages
0
url pkg:pypi/twisted@26.4.0
purl pkg:pypi/twisted@26.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@26.4.0
aliases CVE-2026-42304, GHSA-grgv-6hw6-v9g4, PYSEC-2026-160
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ap46-rugq-uucz
1
url VCID-kadj-7rha-tuc1
vulnerability_id VCID-kadj-7rha-tuc1
summary Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
references
0
reference_url https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
1
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
fixed_packages
0
url pkg:pypi/twisted@24.7.0rc1
purl pkg:pypi/twisted@24.7.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ap46-rugq-uucz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@24.7.0rc1
aliases CVE-2024-41810, GHSA-cf56-g6w6-pqq2, PYSEC-2024-75
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kadj-7rha-tuc1
2
url VCID-w8z5-p2mz-5ybq
vulnerability_id VCID-w8z5-p2mz-5ybq
summary Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml
1
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
url https://github.com/twisted/twisted
2
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
3
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46137
reference_id CVE-2023-46137
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46137
5
reference_url https://github.com/advisories/GHSA-xc8x-vp79-p3wm
reference_id GHSA-xc8x-vp79-p3wm
reference_type
scores
url https://github.com/advisories/GHSA-xc8x-vp79-p3wm
fixed_packages
0
url pkg:pypi/twisted@23.10.0rc1
purl pkg:pypi/twisted@23.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ap46-rugq-uucz
1
vulnerability VCID-kadj-7rha-tuc1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@23.10.0rc1
aliases CVE-2023-46137, GHSA-xc8x-vp79-p3wm, PYSEC-2023-224
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8z5-p2mz-5ybq
Fixing_vulnerabilities
0
url VCID-yfky-tzcp-5qgh
vulnerability_id VCID-yfky-tzcp-5qgh
summary multiple issues
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml
1
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
url https://github.com/twisted/twisted
2
reference_url https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
reference_id
reference_type
scores
url https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
3
reference_url https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
reference_id
reference_type
scores
url https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
4
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
reference_id
reference_type
scores
url https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
5
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
10
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
11
reference_url https://security.archlinux.org/AVG-2663
reference_id AVG-2663
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2663
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24801
reference_id CVE-2022-24801
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24801
13
reference_url https://github.com/advisories/GHSA-c2jg-hw38-jrqq
reference_id GHSA-c2jg-hw38-jrqq
reference_type
scores
url https://github.com/advisories/GHSA-c2jg-hw38-jrqq
fixed_packages
0
url pkg:pypi/twisted@22.4.0
purl pkg:pypi/twisted@22.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ap46-rugq-uucz
1
vulnerability VCID-kadj-7rha-tuc1
2
vulnerability VCID-w8z5-p2mz-5ybq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@22.4.0
aliases CVE-2022-24801, GHSA-c2jg-hw38-jrqq, PYSEC-2022-195
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfky-tzcp-5qgh
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@22.4.0