Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/twisted@23.10.0rc1
Type pypi
Namespace
Name twisted
Version 23.10.0rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 26.4.0
Latest_non_vulnerable_version 26.4.0
Affected_by_vulnerabilities
0
url VCID-ap46-rugq-uucz
vulnerability_id VCID-ap46-rugq-uucz
summary Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server. This vulnerability is fixed in 26.4.0rc2.
references
0
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
1
reference_url https://github.com/twisted/twisted/commit/e11cd82bdd79b3ebbb0e8635cbb9c76df2b5af09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/commit/e11cd82bdd79b3ebbb0e8635cbb9c76df2b5af09
2
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42304
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42304
fixed_packages
0
url pkg:pypi/twisted@26.4.0rc2
purl pkg:pypi/twisted@26.4.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ap46-rugq-uucz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@26.4.0rc2
1
url pkg:pypi/twisted@26.4.0
purl pkg:pypi/twisted@26.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@26.4.0
aliases CVE-2026-42304, GHSA-grgv-6hw6-v9g4, PYSEC-2026-160
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ap46-rugq-uucz
1
url VCID-kadj-7rha-tuc1
vulnerability_id VCID-kadj-7rha-tuc1
summary Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41810.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41810.json
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2024-75.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2024-75.yaml
2
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
3
reference_url https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
4
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
5
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077680
reference_id 1077680
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077680
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2300497
reference_id 2300497
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2300497
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41810
reference_id CVE-2024-41810
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41810
9
reference_url https://github.com/advisories/GHSA-cf56-g6w6-pqq2
reference_id GHSA-cf56-g6w6-pqq2
reference_type
scores
url https://github.com/advisories/GHSA-cf56-g6w6-pqq2
10
reference_url https://access.redhat.com/errata/RHSA-2024:7312
reference_id RHSA-2024:7312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7312
fixed_packages
0
url pkg:pypi/twisted@24.7.0rc1
purl pkg:pypi/twisted@24.7.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ap46-rugq-uucz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@24.7.0rc1
aliases CVE-2024-41810, GHSA-cf56-g6w6-pqq2, PYSEC-2024-75
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kadj-7rha-tuc1
Fixing_vulnerabilities
0
url VCID-w8z5-p2mz-5ybq
vulnerability_id VCID-w8z5-p2mz-5ybq
summary Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46137.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46137.json
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml
2
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
3
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
4
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054913
reference_id 1054913
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054913
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246264
reference_id 2246264
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246264
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46137
reference_id CVE-2023-46137
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46137
8
reference_url https://github.com/advisories/GHSA-xc8x-vp79-p3wm
reference_id GHSA-xc8x-vp79-p3wm
reference_type
scores
url https://github.com/advisories/GHSA-xc8x-vp79-p3wm
9
reference_url https://access.redhat.com/errata/RHSA-2024:0322
reference_id RHSA-2024:0322
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0322
10
reference_url https://access.redhat.com/errata/RHSA-2024:1516
reference_id RHSA-2024:1516
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1516
11
reference_url https://access.redhat.com/errata/RHSA-2024:1518
reference_id RHSA-2024:1518
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1518
fixed_packages
0
url pkg:pypi/twisted@23.10.0rc1
purl pkg:pypi/twisted@23.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ap46-rugq-uucz
1
vulnerability VCID-kadj-7rha-tuc1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@23.10.0rc1
aliases CVE-2023-46137, GHSA-xc8x-vp79-p3wm, PYSEC-2023-224
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8z5-p2mz-5ybq
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@23.10.0rc1