Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/8570?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/8570?format=api", "purl": "pkg:pypi/twisted@14.0.0", "type": "pypi", "namespace": "", "name": "twisted", "version": "14.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "24.7.0rc1", "latest_non_vulnerable_version": "24.7.0rc1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89465?format=api", "vulnerability_id": "VCID-31hv-tjeu-1ucm", "summary": "In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html" }, { "reference_url": "https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2" }, { "reference_url": "https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/" }, { "reference_url": "https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html" }, { "reference_url": "https://usn.ubuntu.com/4308-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-1/" }, { "reference_url": "https://usn.ubuntu.com/4308-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-2/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8611?format=api", "purl": "pkg:pypi/twisted@19.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-7d7z-nhf1-kyhc" }, { "vulnerability": "VCID-f9bv-6a83-eyb7" }, { "vulnerability": "VCID-qavz-rft9-7bfb" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-qtwh-as1r-6ka5" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-szfx-665h-w3eb" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vcw1-fzw7-43f5" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@19.2.1" } ], "aliases": [ "PYSEC-2019-58" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-31hv-tjeu-1ucm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13401?format=api", "vulnerability_id": "VCID-562c-1hjs-hqau", "summary": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41810.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41810.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41810", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.67844", "scoring_system": "epss", "scoring_elements": "0.98586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.67844", "scoring_system": "epss", "scoring_elements": "0.98585", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.67844", "scoring_system": "epss", "scoring_elements": "0.98583", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.67844", "scoring_system": "epss", "scoring_elements": "0.98582", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.67844", "scoring_system": "epss", "scoring_elements": "0.9858", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.67844", "scoring_system": "epss", "scoring_elements": "0.98578", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.67844", "scoring_system": "epss", "scoring_elements": "0.98575", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41810" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2024-75.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2024-75.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:39:25Z/" } ], "url": "https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33" }, { "reference_url": "https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:39:25Z/" } ], "url": "https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41810", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41810" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077680", "reference_id": "1077680", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077680" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300497", "reference_id": "2300497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300497" }, { "reference_url": "https://github.com/advisories/GHSA-cf56-g6w6-pqq2", "reference_id": "GHSA-cf56-g6w6-pqq2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cf56-g6w6-pqq2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7312", "reference_id": "RHSA-2024:7312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7312" }, { "reference_url": "https://usn.ubuntu.com/6988-1/", "reference_id": "USN-6988-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6988-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47735?format=api", "purl": "pkg:pypi/twisted@24.7.0rc1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@24.7.0rc1" } ], "aliases": [ "CVE-2024-41810", "GHSA-cf56-g6w6-pqq2", "PYSEC-2024-75" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-562c-1hjs-hqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6047?format=api", "vulnerability_id": "VCID-7d7z-nhf1-kyhc", "summary": "In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10109.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10109.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87641", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87644", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87649", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87637", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87631", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87611", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87595", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03518", "scoring_system": "epss", "scoring_elements": "0.87586", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-p5xh-vx83-mxcj", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p5xh-vx83-mxcj" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2020-260.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2020-260.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/blob/6ff2c40e42416c83203422ff70dfc49d2681c8e2/NEWS.rst#twisted-2030-2020-03-13", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/blob/6ff2c40e42416c83203422ff70dfc49d2681c8e2/NEWS.rst#twisted-2030-2020-03-13" }, { "reference_url": "https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281" }, { "reference_url": "https://know.bishopfox.com/advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://know.bishopfox.com/advisories" }, { "reference_url": "https://know.bishopfox.com/advisories/twisted-version-19.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://know.bishopfox.com/advisories/twisted-version-19.10.0" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10109", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10109" }, { "reference_url": "https://security.gentoo.org/glsa/202007-24", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202007-24" }, { "reference_url": "https://usn.ubuntu.com/4308-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-1" }, { "reference_url": "https://usn.ubuntu.com/4308-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-1/" }, { "reference_url": "https://usn.ubuntu.com/4308-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-2" }, { "reference_url": "https://usn.ubuntu.com/4308-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-2/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813447", "reference_id": "1813447", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813447" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953950", "reference_id": "953950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953950" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1561", "reference_id": "RHSA-2020:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1561" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10055?format=api", "purl": "pkg:pypi/twisted@20.3.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-7d7z-nhf1-kyhc" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-qtwh-as1r-6ka5" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vcw1-fzw7-43f5" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@20.3.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25188?format=api", "purl": "pkg:pypi/twisted@20.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@20.3.0" } ], "aliases": [ "CVE-2020-10109", "GHSA-p5xh-vx83-mxcj", "PYSEC-2020-260" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7d7z-nhf1-kyhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5961?format=api", "vulnerability_id": "VCID-c98y-tdct-ykce", "summary": "Python Twisted 14.0 trustRoot is not respected in HTTP client", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7143.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57547", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57577", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57599", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57619", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57604", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.576", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57467", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57551", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57572", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7143" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7143" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96135", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96135" }, { "reference_url": "https://github.com/advisories/GHSA-3c45-wgjp-7v9r", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3c45-wgjp-7v9r" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-212.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-212.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/commit/3b5942252f5f3e45862a0e12b266ab29e243cc33", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/commit/3b5942252f5f3e45862a0e12b266ab29e243cc33" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7143", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7143" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2014-7143", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-7143" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/09/22/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/09/22/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1143802", "reference_id": "1143802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1143802" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761983", "reference_id": "761983", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761983" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:14.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:twisted:twisted:14.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:14.0.0:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8571?format=api", "purl": "pkg:pypi/twisted@14.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31hv-tjeu-1ucm" }, { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-7d7z-nhf1-kyhc" }, { "vulnerability": "VCID-f9bv-6a83-eyb7" }, { "vulnerability": "VCID-n87q-79je-4kcj" }, { "vulnerability": "VCID-qavz-rft9-7bfb" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-qtwh-as1r-6ka5" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-szfx-665h-w3eb" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vcw1-fzw7-43f5" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" }, { "vulnerability": "VCID-zx5n-czhy-6qgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@14.0.1" } ], "aliases": [ "CVE-2014-7143", "GHSA-3c45-wgjp-7v9r", "PYSEC-2019-212" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c98y-tdct-ykce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89493?format=api", "vulnerability_id": "VCID-f9bv-6a83-eyb7", "summary": "In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html" }, { "reference_url": "https://github.com/twisted/twisted/pull/1147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/twisted/twisted/pull/1147" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/" }, { "reference_url": "https://twistedmatrix.com/trac/ticket/9561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://twistedmatrix.com/trac/ticket/9561" }, { "reference_url": "https://usn.ubuntu.com/4308-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-1/" }, { "reference_url": "https://usn.ubuntu.com/4308-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-2/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8612?format=api", "purl": "pkg:pypi/twisted@19.7.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-7d7z-nhf1-kyhc" }, { "vulnerability": "VCID-qavz-rft9-7bfb" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-qtwh-as1r-6ka5" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vcw1-fzw7-43f5" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@19.7.0rc1" } ], "aliases": [ "PYSEC-2019-59" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9bv-6a83-eyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6045?format=api", "vulnerability_id": "VCID-n87q-79je-4kcj", "summary": "Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000111.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000111.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1000111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71881", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71899", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71875", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71864", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71825", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71851", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00694", "scoring_system": "epss", "scoring_elements": "0.71832", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1000111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gqj-cmxr-p4x2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gqj-cmxr-p4x2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2020-214.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2020-214.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000111", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000111" }, { "reference_url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html" }, { "reference_url": "https://twistedmatrix.com/trac/ticket/8623", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://twistedmatrix.com/trac/ticket/8623" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2016/07/18/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357345", "reference_id": "1357345", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357345" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1978", "reference_id": "RHSA-2016:1978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0273", "reference_id": "RHSA-2018:0273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0273" }, { "reference_url": "https://usn.ubuntu.com/3585-1/", "reference_id": "USN-3585-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3585-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8585?format=api", "purl": "pkg:pypi/twisted@16.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31hv-tjeu-1ucm" }, { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-7d7z-nhf1-kyhc" }, { "vulnerability": "VCID-f9bv-6a83-eyb7" }, { "vulnerability": "VCID-qavz-rft9-7bfb" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-qtwh-as1r-6ka5" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-szfx-665h-w3eb" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vcw1-fzw7-43f5" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" }, { "vulnerability": "VCID-zx5n-czhy-6qgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@16.3.1" } ], "aliases": [ "CVE-2016-1000111", "GHSA-3gqj-cmxr-p4x2", "PYSEC-2020-214" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n87q-79je-4kcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13305?format=api", "vulnerability_id": "VCID-qavz-rft9-7bfb", "summary": "HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods\nTwisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities.", "references": [ { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/commit/a40ab1ce5210f231abe7a448a54d7e88e48f2d5d", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/commit/a40ab1ce5210f231abe7a448a54d7e88e48f2d5d" }, { "reference_url": "https://github.com/advisories/GHSA-32gv-6cf3-wcmq", "reference_id": "GHSA-32gv-6cf3-wcmq", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-32gv-6cf3-wcmq" }, { "reference_url": "https://github.com/twisted/twisted/security/advisories/GHSA-32gv-6cf3-wcmq", "reference_id": "GHSA-32gv-6cf3-wcmq", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/security/advisories/GHSA-32gv-6cf3-wcmq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10054?format=api", "purl": "pkg:pypi/twisted@19.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-7d7z-nhf1-kyhc" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-qtwh-as1r-6ka5" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vcw1-fzw7-43f5" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@19.10.0" } ], "aliases": [ "GHSA-32gv-6cf3-wcmq", "GMS-2022-410" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qavz-rft9-7bfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8451?format=api", "vulnerability_id": "VCID-qc7c-e5fb-77f1", "summary": "twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21712.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47346", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.4734", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47365", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47341", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47344", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47289", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47342", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47321", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21712" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21712" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-27.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-27.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:40Z/" } ], "url": "https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2" }, { "reference_url": "https://github.com/twisted/twisted/releases/tag/twisted-22.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:40Z/" } ], "url": "https://github.com/twisted/twisted/releases/tag/twisted-22.1.0" }, { "reference_url": "https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:40Z/" } ], "url": "https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21712", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21712" }, { "reference_url": "https://pypi.org/project/Twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Twisted" }, { "reference_url": "https://pypi.org/project/Twisted/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.org/project/Twisted/" }, { "reference_url": "https://security.gentoo.org/glsa/202301-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202301-02" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051865", "reference_id": "2051865", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051865" }, { "reference_url": "https://security.archlinux.org/AVG-2663", "reference_id": "AVG-2663", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2663" }, { "reference_url": "https://github.com/advisories/GHSA-92x2-jw7w-xvvx", "reference_id": "GHSA-92x2-jw7w-xvvx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92x2-jw7w-xvvx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0982", "reference_id": "RHSA-2022:0982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0992", "reference_id": "RHSA-2022:0992", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0992" }, { "reference_url": "https://usn.ubuntu.com/5354-1/", "reference_id": "USN-5354-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5354-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25196?format=api", "purl": "pkg:pypi/twisted@22.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" }, { "vulnerability": "VCID-z5qm-2n25-e7g4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@22.1.0" } ], "aliases": [ "CVE-2022-21712", "GHSA-92x2-jw7w-xvvx", "PYSEC-2022-27" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qc7c-e5fb-77f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51927?format=api", "vulnerability_id": "VCID-qtwh-as1r-6ka5", "summary": "Twisted vulnerable to HTTP Request Smuggling Attacks\n### Impact\nTwisted Web is vulnerable to request smuggling attacks:\n\n1. \"When presented with two content-length headers, Twisted Web ignored the first header. When the second content-length was set to zero this caused Twisted Web to interpret the request body as a pipelined request. According to RFC 7230 Section 3.3.3#4, if a message is received with multiple content-length headers with differing value, then the server must reject the message with a 400 response.\" (Jake Miller of Bishop Fox Security)\n2. \" When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted by Twisted Web as a pipelined request. According to RFC 7230 Section 3.3.3#3, if a message with both content-length and chunked encoding is accepted, transfer-encoding overrides the content-length.\" (Jake Miller of Bishop Fox Security)\n3. ~\"Twisted should not allow BWS between the filed-name and colon.\" (ZeddYu Lu)~ _closed in 9646_\n4. \"Two CL header with different values is also not allowed.\" (ZeddYu Lu)\n5. \"Only accept identity and chunked Transport-Encoding.\" (ZeddYu Lu)\n\n### Patches\nhttps://github.com/twisted/twisted/commit/20c787a14a09e7cbd5dfd8df08ceff00d1fcc081\nhttps://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281\n\n### Workarounds\nN/A\n\n### References\nhttps://portswigger.net/web-security/request-smuggling", "references": [ { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/commit/20c787a14a09e7cbd5dfd8df08ceff00d1fcc081", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/commit/20c787a14a09e7cbd5dfd8df08ceff00d1fcc081" }, { "reference_url": "https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281" }, { "reference_url": "https://github.com/twisted/twisted/security/advisories/GHSA-8r99-h8j2-rw64", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/security/advisories/GHSA-8r99-h8j2-rw64" }, { "reference_url": "https://github.com/advisories/GHSA-8r99-h8j2-rw64", "reference_id": "GHSA-8r99-h8j2-rw64", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8r99-h8j2-rw64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25188?format=api", "purl": "pkg:pypi/twisted@20.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@20.3.0" } ], "aliases": [ "GHSA-8r99-h8j2-rw64", "GMS-2022-5173" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtwh-as1r-6ka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8789?format=api", "vulnerability_id": "VCID-rzad-s8tu-47gm", "summary": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24801.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01051", "scoring_system": "epss", "scoring_elements": "0.77546", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01051", "scoring_system": "epss", "scoring_elements": "0.77529", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01051", "scoring_system": "epss", "scoring_elements": "0.77549", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01051", "scoring_system": "epss", "scoring_elements": "0.77564", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01051", "scoring_system": "epss", "scoring_elements": "0.77538", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01051", "scoring_system": "epss", "scoring_elements": "0.775", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01058", "scoring_system": "epss", "scoring_elements": "0.77561", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01058", "scoring_system": "epss", "scoring_elements": "0.77587", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24801" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/" } ], "url": "https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac" }, { "reference_url": "https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/" } ], "url": "https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1" }, { "reference_url": "https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/" } ], "url": "https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009030", "reference_id": "1009030", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009030" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073114", "reference_id": "2073114", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073114" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/", "reference_id": "7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/" }, { "reference_url": "https://security.archlinux.org/AVG-2663", "reference_id": "AVG-2663", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2663" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24801", "reference_id": "CVE-2022-24801", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24801" }, { "reference_url": "https://github.com/advisories/GHSA-c2jg-hw38-jrqq", "reference_id": "GHSA-c2jg-hw38-jrqq", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c2jg-hw38-jrqq" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/", "reference_id": "GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1645", "reference_id": "RHSA-2022:1645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1646", "reference_id": "RHSA-2022:1646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4930", "reference_id": "RHSA-2022:4930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4930" }, { "reference_url": "https://usn.ubuntu.com/5576-1/", "reference_id": "USN-5576-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5576-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26515?format=api", "purl": "pkg:pypi/twisted@22.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@22.4.0" } ], "aliases": [ "CVE-2022-24801", "GHSA-c2jg-hw38-jrqq", "PYSEC-2022-195" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzad-s8tu-47gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5895?format=api", "vulnerability_id": "VCID-szfx-665h-w3eb", "summary": "In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12855.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70721", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70744", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70648", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70663", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70682", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.7066", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70727", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00646", "scoring_system": "epss", "scoring_elements": "0.70705", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12855" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-65rm-h285-5cc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65rm-h285-5cc5" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/pull/1147", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/pull/1147" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12855", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12855" }, { "reference_url": "https://twistedmatrix.com/trac/ticket/9561", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://twistedmatrix.com/trac/ticket/9561" }, { "reference_url": "https://usn.ubuntu.com/4308-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-1" }, { "reference_url": "https://usn.ubuntu.com/4308-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-1/" }, { "reference_url": "https://usn.ubuntu.com/4308-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-2" }, { "reference_url": "https://usn.ubuntu.com/4308-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-2/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728206", "reference_id": "1728206", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728206" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930626", "reference_id": "930626", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930626" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8612?format=api", "purl": "pkg:pypi/twisted@19.7.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-7d7z-nhf1-kyhc" }, { "vulnerability": "VCID-qavz-rft9-7bfb" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-qtwh-as1r-6ka5" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vcw1-fzw7-43f5" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@19.7.0rc1" } ], "aliases": [ "CVE-2019-12855", "GHSA-65rm-h285-5cc5", "PYSEC-2019-129" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-szfx-665h-w3eb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35564?format=api", "vulnerability_id": "VCID-tec3-uqmg-tueq", "summary": "Multiple vulnerabilities have been discovered in Twisted, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39348.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39348.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39348", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78392", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78386", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78359", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01138", "scoring_system": "epss", "scoring_elements": "0.78418", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01178", "scoring_system": "epss", "scoring_elements": "0.78684", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01178", "scoring_system": "epss", "scoring_elements": "0.78715", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39348" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39348" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:19Z/" } ], "url": "https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b" }, { "reference_url": "https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:19Z/" } ], "url": "https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4" }, { "reference_url": "https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:19Z/" } ], "url": "https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:19Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39348", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39348" }, { "reference_url": "https://security.gentoo.org/glsa/202301-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:19Z/" } ], "url": "https://security.gentoo.org/glsa/202301-02" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023359", "reference_id": "1023359", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023359" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139431", "reference_id": "2139431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139431" }, { "reference_url": "https://github.com/advisories/GHSA-vg46-2rrj-3647", "reference_id": "GHSA-vg46-2rrj-3647", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vg46-2rrj-3647" }, { "reference_url": "https://usn.ubuntu.com/6575-1/", "reference_id": "USN-6575-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6575-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40849?format=api", "purl": "pkg:pypi/twisted@22.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@22.10.0rc1" } ], "aliases": [ "CVE-2022-39348", "GHSA-vg46-2rrj-3647" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tec3-uqmg-tueq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6046?format=api", "vulnerability_id": "VCID-vcw1-fzw7-43f5", "summary": "In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10108.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10108.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03411", "scoring_system": "epss", "scoring_elements": "0.87435", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03411", "scoring_system": "epss", "scoring_elements": "0.87439", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03411", "scoring_system": "epss", "scoring_elements": "0.87425", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03411", "scoring_system": "epss", "scoring_elements": "0.87432", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03411", "scoring_system": "epss", "scoring_elements": "0.87444", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03411", "scoring_system": "epss", "scoring_elements": "0.87383", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03411", "scoring_system": "epss", "scoring_elements": "0.87392", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03411", "scoring_system": "epss", "scoring_elements": "0.87407", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03411", "scoring_system": "epss", "scoring_elements": "0.87406", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10108" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-h96w-mmrf-2h6v", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h96w-mmrf-2h6v" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2020-259.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2020-259.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/blob/6ff2c40e42416c83203422ff70dfc49d2681c8e2/NEWS.rst#twisted-2030-2020-03-13", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/blob/6ff2c40e42416c83203422ff70dfc49d2681c8e2/NEWS.rst#twisted-2030-2020-03-13" }, { "reference_url": "https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281" }, { "reference_url": "https://know.bishopfox.com/advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://know.bishopfox.com/advisories" }, { "reference_url": "https://know.bishopfox.com/advisories/twisted-version-19.10.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://know.bishopfox.com/advisories/twisted-version-19.10.0" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10108", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10108" }, { "reference_url": "https://security.gentoo.org/glsa/202007-24", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202007-24" }, { "reference_url": "https://usn.ubuntu.com/4308-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-1" }, { "reference_url": "https://usn.ubuntu.com/4308-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-1/" }, { "reference_url": "https://usn.ubuntu.com/4308-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-2" }, { "reference_url": "https://usn.ubuntu.com/4308-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-2/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813439", "reference_id": "1813439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813439" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953950", "reference_id": "953950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953950" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1561", "reference_id": "RHSA-2020:1561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1962", "reference_id": "RHSA-2020:1962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1962" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10055?format=api", "purl": "pkg:pypi/twisted@20.3.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-7d7z-nhf1-kyhc" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-qtwh-as1r-6ka5" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vcw1-fzw7-43f5" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@20.3.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25188?format=api", "purl": "pkg:pypi/twisted@20.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@20.3.0" } ], "aliases": [ "CVE-2020-10108", "GHSA-h96w-mmrf-2h6v", "PYSEC-2020-259" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcw1-fzw7-43f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17752?format=api", "vulnerability_id": "VCID-vz8r-fhqf-zudf", "summary": "twisted.web has disordered HTTP pipeline response\n### Summary\n\nThe HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure.\n\n### PoC\n0. Start a fresh Debian container:\n```sh\ndocker run --workdir /repro --rm -it debian:bookworm-slim\n```\n1. Install twisted and its dependencies:\n```sh\napt -y update && apt -y install ncat git python3 python3-pip \\\n && git clone --recurse-submodules https://github.com/twisted/twisted \\\n && cd twisted \\\n && pip3 install --break-system-packages .\n```\n2. Run a twisted.web HTTP server that echos received requests' methods. e.g., the following:\n```python\nfrom twisted.web import server, resource\nfrom twisted.internet import reactor\n\nclass TheResource(resource.Resource):\n isLeaf = True\n\n def render_GET(self, request) -> bytes:\n return b\"GET\"\n\n def render_POST(self, request) -> bytes:\n return b\"POST\"\n\nsite = server.Site(TheResource())\nreactor.listenTCP(80, site)\nreactor.run()\n```\n3. Send it a POST request with a chunked message body, pipelined with another POST request, wait a second, then send a GET request on the same connection:\n```sh\n(printf 'POST / HTTP/1.1\\r\\nTransfer-Encoding: chunked\\r\\n\\r\\n0\\r\\n\\r\\nPOST / HTTP/1.1\\r\\nContent-Length: 0\\r\\n\\r\\n'; sleep 1; printf 'GET / HTTP/1.1\\r\\n\\r\\n'; sleep 1) | nc localhost 80\n```\n4. Observe that the responses arrive out of order:\n```\nHTTP/1.1 200 OK\nServer: TwistedWeb/24.3.0.post0\nDate: Tue, 09 Jul 2024 06:19:41 GMT\nContent-Length: 5\nContent-Type: text/html\n\nPOST\nHTTP/1.1 200 OK\nServer: TwistedWeb/24.3.0.post0\nDate: Tue, 09 Jul 2024 06:19:42 GMT\nContent-Length: 4\nContent-Type: text/html\n\nGET\nHTTP/1.1 200 OK\nServer: TwistedWeb/24.3.0.post0\nDate: Tue, 09 Jul 2024 06:19:42 GMT\nContent-Length: 5\nContent-Type: text/html\n\nPOST\n```\n\n### Impact\nSee [GHSA-xc8x-vp79-p3wm](https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm). Further, for instances of twisted.web HTTP servers deployed behind reverse proxies that implement connection pooling, it may be possible for remote attackers to receive responses intended for other clients of the twisted.web server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27107", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27061", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26992", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29021", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29072", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29116", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41671" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T18:59:07Z/" } ], "url": "https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33" }, { "reference_url": "https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T18:59:07Z/" } ], "url": "https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc" }, { "reference_url": "https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T18:59:07Z/" } ], "url": "https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41671", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41671" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/disordered-http-pipeline-in-twistedweb-cve-2024-4167", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/disordered-http-pipeline-in-twistedweb-cve-2024-4167" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077679", "reference_id": "1077679", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077679" }, { "reference_url": "https://github.com/advisories/GHSA-c8m8-j448-xjx7", "reference_id": "GHSA-c8m8-j448-xjx7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8m8-j448-xjx7" }, { "reference_url": "https://usn.ubuntu.com/6988-1/", "reference_id": "USN-6988-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6988-1/" }, { "reference_url": "https://usn.ubuntu.com/6988-2/", "reference_id": "USN-6988-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6988-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47735?format=api", "purl": "pkg:pypi/twisted@24.7.0rc1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@24.7.0rc1" } ], "aliases": [ "CVE-2024-41671", "GHSA-c8m8-j448-xjx7" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vz8r-fhqf-zudf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11366?format=api", "vulnerability_id": "VCID-y7f5-9nmg-w7b3", "summary": "Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46137.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46137.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46137", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00594", "scoring_system": "epss", "scoring_elements": "0.69261", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00594", "scoring_system": "epss", "scoring_elements": "0.69242", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00666", "scoring_system": "epss", "scoring_elements": "0.71226", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00666", "scoring_system": "epss", "scoring_elements": "0.71263", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00666", "scoring_system": "epss", "scoring_elements": "0.71241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00666", "scoring_system": "epss", "scoring_elements": "0.71249", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00666", "scoring_system": "epss", "scoring_elements": "0.71184", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00666", "scoring_system": "epss", "scoring_elements": "0.71233", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46137" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T13:57:52Z/" } ], "url": "https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054913", "reference_id": "1054913", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054913" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246264", "reference_id": "2246264", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246264" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46137", "reference_id": "CVE-2023-46137", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46137" }, { "reference_url": "https://github.com/advisories/GHSA-xc8x-vp79-p3wm", "reference_id": "GHSA-xc8x-vp79-p3wm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xc8x-vp79-p3wm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0322", "reference_id": "RHSA-2024:0322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1516", "reference_id": "RHSA-2024:1516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1518", "reference_id": "RHSA-2024:1518", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1518" }, { "reference_url": "https://usn.ubuntu.com/6575-1/", "reference_id": "USN-6575-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6575-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40853?format=api", "purl": "pkg:pypi/twisted@23.10.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@23.10.0rc1" } ], "aliases": [ "CVE-2023-46137", "GHSA-xc8x-vp79-p3wm", "PYSEC-2023-224" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y7f5-9nmg-w7b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5894?format=api", "vulnerability_id": "VCID-zx5n-czhy-6qgu", "summary": "In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12387.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12387.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66831", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66807", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66768", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66873", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66886", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66867", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66853", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66804", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.6684", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12387" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6cc5-2vg4-cc7m", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6cc5-2vg4-cc7m" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-128.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-128.yaml" }, { "reference_url": "https://github.com/twisted/twisted", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted" }, { "reference_url": "https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2" }, { "reference_url": "https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/" }, { "reference_url": "https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html" }, { "reference_url": "https://usn.ubuntu.com/4308-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-1" }, { "reference_url": "https://usn.ubuntu.com/4308-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-1/" }, { "reference_url": "https://usn.ubuntu.com/4308-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-2" }, { "reference_url": "https://usn.ubuntu.com/4308-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4308-2/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719501", "reference_id": "1719501", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719501" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930389", "reference_id": "930389", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930389" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12387", "reference_id": "CVE-2019-12387", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1091", "reference_id": "RHSA-2020:1091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1091" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8611?format=api", "purl": "pkg:pypi/twisted@19.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-562c-1hjs-hqau" }, { "vulnerability": "VCID-7d7z-nhf1-kyhc" }, { "vulnerability": "VCID-f9bv-6a83-eyb7" }, { "vulnerability": "VCID-qavz-rft9-7bfb" }, { "vulnerability": "VCID-qc7c-e5fb-77f1" }, { "vulnerability": "VCID-qtwh-as1r-6ka5" }, { "vulnerability": "VCID-rzad-s8tu-47gm" }, { "vulnerability": "VCID-szfx-665h-w3eb" }, { "vulnerability": "VCID-tec3-uqmg-tueq" }, { "vulnerability": "VCID-vcw1-fzw7-43f5" }, { "vulnerability": "VCID-vz8r-fhqf-zudf" }, { "vulnerability": "VCID-y7f5-9nmg-w7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@19.2.1" } ], "aliases": [ "CVE-2019-12387", "GHSA-6cc5-2vg4-cc7m", "PYSEC-2019-128" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zx5n-czhy-6qgu" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@14.0.0" }