Lookup for vulnerable packages by Package URL.

Purl: pkg:pypi/twisted@22.10.0rc1
Type: pypi
Namespace:
Name: twisted
Version: 22.10.0rc1
Qualifiers:
Subpath:
Is_vulnerable: true
Next_non_vulnerable_version: 26.4.0
Latest_non_vulnerable_version: 26.4.0
Affected_by_vulnerabilities
0
url VCID-ap46-rugq-uucz
vulnerability_id VCID-ap46-rugq-uucz
summary Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server. This vulnerability is fixed in 26.4.0rc2.
references
0
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4
fixed_packages
0
url pkg:pypi/twisted@26.4.0
purl pkg:pypi/twisted@26.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@26.4.0
aliases CVE-2026-42304, GHSA-grgv-6hw6-v9g4, PYSEC-2026-160
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ap46-rugq-uucz
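The summary of VCID-ap46-rugq-uucz describes deeply chained compression pointers exhausting the DNS decoder. The following is an added example, not Twisted's code or its fix: a minimal RFC 1035 name decoder that rejects pointers that do not point strictly backward and caps the number of pointer hops, plus a builder for a constructed message whose pointers chain back through each other. Offsets, the hop limit of 16 and the sample name are assumptions for the illustration.

```python
# Added example (not Twisted's code): bounded DNS name decompression.

MAX_NAME_LEN = 255  # wire-format limit from RFC 1035


def decode_name(msg: bytes, offset: int, max_pointers: int = 16) -> tuple:
    """Decode a possibly compressed name starting at `offset`.

    Returns (dotted name, offset just past the name at its original position).
    Raises ValueError on truncation, on a pointer that does not point strictly
    backward (which is what makes loops possible), and on more than
    `max_pointers` hops, so a crafted chain is refused instead of walked.
    """
    labels = []
    pos = offset
    end = None  # set the first time we leave the original position
    hops = 0
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: 14-bit compression pointer
            if pos + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if end is None:
                end = pos + 2
            if target >= pos:
                raise ValueError("compression pointer does not point backward")
            hops += 1
            if hops > max_pointers:
                raise ValueError("too many compression pointers")
            pos = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        if length == 0:  # root label terminates the name
            if end is None:
                end = pos + 1
            return (b".".join(labels).decode("ascii") if labels else "."), end
        pos += 1
        if pos + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[pos:pos + length])
        pos += length
        if sum(len(label) + 1 for label in labels) + 1 > MAX_NAME_LEN:
            raise ValueError("name too long")


def build_pointer_chain(depth: int) -> tuple:
    """Constructed message: 12-byte header, 'example.com' at offset 12, then `depth`
    pointers, each referring to the previous pointer. Every pointer is backward, so
    no loop check fires; only the hop cap stops the walk. Returns (msg, last_offset)."""
    msg = bytearray(12) + b"\x07example\x03com\x00"
    target = 12
    last = 12
    for _ in range(depth):
        last = len(msg)
        msg += bytes([0xC0 | (target >> 8), target & 0xFF])
        target = last
    return bytes(msg), last


def try_decode(msg: bytes, offset: int, max_pointers: int = 16) -> str:
    """Return the decoded name, or 'rejected: <reason>' when the decoder refuses it."""
    try:
        name, _ = decode_name(msg, offset, max_pointers)
        return name
    except ValueError as exc:
        return "rejected: %s" % exc


if __name__ == "__main__":
    chained, last = build_pointer_chain(1000)
    print(try_decode(chained, 25))          # one hop: example.com
    print(try_decode(chained, last))        # 1000 hops: rejected
    print(try_decode(bytes(12) + b"\xc0\x0c", 12))  # pointer to itself: rejected
```

A backward-only rule alone guarantees termination but still allows a chain as long as half the message; the hop cap is what bounds the work per name, which is the property the advisory says was missing.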
1
url VCID-kadj-7rha-tuc1
vulnerability_id VCID-kadj-7rha-tuc1
summary Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
references
0
reference_url https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
1
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
fixed_packages
0
url pkg:pypi/twisted@24.7.0rc1
purl pkg:pypi/twisted@24.7.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ap46-rugq-uucz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@24.7.0rc1
aliases CVE-2024-41810, GHSA-cf56-g6w6-pqq2, PYSEC-2024-75
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kadj-7rha-tuc1
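VCID-kadj-7rha-tuc1 is HTML injection through a redirect body. The block below is an added example, not Twisted's `redirectTo` or its patch: a constructed redirect page template with the URL placed inside attribute values, shown once with verbatim interpolation (the vulnerable shape) and once with `html.escape`. The template text, the `PAYLOAD` string and the CR/LF check are assumptions for the illustration.

```python
# Added example (not Twisted's code): redirect body with and without HTML escaping.
import html

# Constructed template (an assumption, not Twisted's source): the URL lands in a
# meta-refresh attribute and an anchor href, both double-quoted attribute values.
_TEMPLATE = (
    '<html><head><meta http-equiv="refresh" content="0;URL={url}"></head>'
    '<body bgcolor="#FFFFFF" text="#000000"><a href="{url}">click here</a></body></html>'
)


def redirect_body_unsafe(url: str) -> bytes:
    """Vulnerable shape: the caller-controlled URL is interpolated verbatim."""
    return _TEMPLATE.format(url=url).encode("utf-8")


def redirect_body_safe(url: str) -> bytes:
    """Hardened: escape & < > " ' so the URL cannot close the attribute or open a tag."""
    return _TEMPLATE.format(url=html.escape(url, quote=True)).encode("utf-8")


def is_safe_redirect_target(url: str) -> bool:
    """Escaping protects the HTML body, but the same value is also written into the
    Location header line, where a CR/LF would inject further headers; refuse those."""
    return "\r" not in url and "\n" not in url


def build_redirect(url: str) -> tuple:
    """302 response as (status, header list, body) with the escaped body."""
    if not is_safe_redirect_target(url):
        raise ValueError("control characters in redirect target")
    headers = [
        (b"Location", url.encode("utf-8")),
        (b"Content-Type", b"text/html; charset=utf-8"),
    ]
    return 302, headers, redirect_body_safe(url)


# Constructed attacker-controlled redirect target, e.g. from a ?next= parameter.
PAYLOAD = '/login?next="><script>alert(document.domain)</script>'

if __name__ == "__main__":
    print(redirect_body_unsafe(PAYLOAD).decode())
    print(redirect_body_safe(PAYLOAD).decode())
```

The advisory's precondition is that application code lets the attacker choose the redirect URL; with the unsafe body the `"` in the payload ends the `content` attribute and the rest is parsed as markup, while the escaped body keeps the whole payload inside the attribute value.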
2
url VCID-w8z5-p2mz-5ybq
vulnerability_id VCID-w8z5-p2mz-5ybq
summary Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml
1
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
url https://github.com/twisted/twisted
2
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
3
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46137
reference_id CVE-2023-46137
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46137
5
reference_url https://github.com/advisories/GHSA-xc8x-vp79-p3wm
reference_id GHSA-xc8x-vp79-p3wm
reference_type
scores
url https://github.com/advisories/GHSA-xc8x-vp79-p3wm
fixed_packages
0
url pkg:pypi/twisted@23.10.0rc1
purl pkg:pypi/twisted@23.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ap46-rugq-uucz
1
vulnerability VCID-kadj-7rha-tuc1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@23.10.0rc1
aliases CVE-2023-46137, GHSA-xc8x-vp79-p3wm, PYSEC-2023-224
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8z5-p2mz-5ybq
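VCID-w8z5-p2mz-5ybq concerns two pipelined requests in one TCP segment whose responses are written in completion order rather than request order. The following is an added example, not twisted.web's code or its patch: an asyncio simulation that splits a constructed pipelined buffer, handles each request with an assumed per-path delay (the attacker-controlled endpoint is the slow one), and writes responses either as they finish (the vulnerable behaviour) or in arrival order. The buffer, paths and delays are constructed for the illustration.

```python
# Added example (not Twisted's code): response ordering for pipelined HTTP requests.
import asyncio

# Constructed input: two GETs delivered in one TCP segment.
PIPELINED = (
    b"GET /slow HTTP/1.1\r\nHost: example.test\r\n\r\n"
    b"GET /fast HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

# Assumed handler latency per path; /slow stands in for an endpoint the attacker
# controls and deliberately stalls.
DELAY = {"/slow": 0.05, "/fast": 0.0}


def split_pipelined(buf: bytes) -> list:
    """Split body-less requests on the blank line that ends each header block."""
    chunks = buf.split(b"\r\n\r\n")
    return [c + b"\r\n\r\n" for c in chunks if c]


def request_path(req: bytes) -> str:
    request_line = req.split(b"\r\n", 1)[0]
    return request_line.split(b" ", 2)[1].decode("ascii")


async def handle(path: str) -> bytes:
    await asyncio.sleep(DELAY.get(path, 0.0))
    body = ("response for %s" % path).encode("ascii")
    head = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(body)
    return head + body


async def serve_completion_order(buf: bytes) -> list:
    """Vulnerable shape: each handler writes its response the moment it finishes,
    so the client, which matches responses to requests by position, gets the
    /fast response for its /slow request and vice versa."""
    wire = []

    async def dispatch(req: bytes) -> None:
        wire.append(await handle(request_path(req)))

    await asyncio.gather(*(dispatch(r) for r in split_pipelined(buf)))
    return wire


async def serve_request_order(buf: bytes) -> list:
    """Handlers still run concurrently, but responses are written in the order the
    requests arrived, which is what HTTP/1.1 pipelining requires."""
    tasks = [asyncio.create_task(handle(request_path(r))) for r in split_pipelined(buf)]
    wire = []
    for task in tasks:
        wire.append(await task)
    return wire


def responses_on_wire(ordered: bool) -> list:
    """Run one variant and return the path each response body belongs to, in wire order."""
    server = serve_request_order if ordered else serve_completion_order
    responses = asyncio.run(server(PIPELINED))
    return [r.rsplit(b" ", 1)[1].decode("ascii") for r in responses]


if __name__ == "__main__":
    print("completion order:", responses_on_wire(False))
    print("request order:   ", responses_on_wire(True))
```

Serialising in request order is one way to restore the invariant; it is shown here to make the failure concrete and is not a description of the change shipped in 23.10.0rc1.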
Fixing_vulnerabilities:
Risk_score: null
Resource_url: http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@22.10.0rc1
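The record above breaks the looked-up Package URL into type, namespace, name, version, qualifiers and subpath. The block below is an added example, not VulnerableCode's code: a parser that performs that decomposition following the purl specification's right-to-left splitting order (`#` subpath, then `?` qualifiers, then `@` version) with percent-decoding. The npm and maven sample strings are constructed; type-specific name normalisation rules are not applied.

```python
# Added example (not VulnerableCode's code): decompose a Package URL into its parts.
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote


@dataclass(frozen=True)
class PackageURL:
    type: str
    namespace: Optional[str]
    name: str
    version: Optional[str]
    qualifiers: dict
    subpath: Optional[str]


def _rsplit_once(s: str, sep: str) -> tuple:
    """Split once from the right; the tail is None when `sep` is absent."""
    head, found, tail = s.rpartition(sep)
    return (head, tail) if found else (s, None)


def parse_purl(purl: str) -> PackageURL:
    scheme, sep, rest = purl.partition(":")
    if not sep or scheme.strip().lower() != "pkg":
        raise ValueError("not a pkg: URL")
    rest = rest.strip().lstrip("/")
    rest, subpath = _rsplit_once(rest, "#")
    rest, qualifiers = _rsplit_once(rest, "?")
    rest, version = _rsplit_once(rest, "@")

    segments = rest.split("/")
    if len(segments) < 2 or not segments[0] or not segments[-1]:
        raise ValueError("purl needs at least a type and a name")
    ptype = segments[0].lower()
    name = unquote(segments[-1])
    namespace = "/".join(unquote(p) for p in segments[1:-1] if p) or None

    quals = {}
    if qualifiers:
        for pair in qualifiers.split("&"):
            key, _, value = pair.partition("=")
            value = unquote(value)
            if key and value:  # empty values are dropped, keys are case-insensitive
                quals[key.lower()] = value

    sub = None
    if subpath:
        parts = [unquote(p) for p in subpath.split("/") if p not in ("", ".", "..")]
        sub = "/".join(parts) or None

    return PackageURL(ptype, namespace, name, unquote(version) if version else None, quals, sub)


if __name__ == "__main__":
    print(parse_purl("pkg:pypi/twisted@22.10.0rc1"))
```

The version component is an opaque string here; deciding whether a parsed version falls below a `next_non_vulnerable_version` needs the ecosystem's own ordering rules (PEP 440 for pypi), which this parser does not implement.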