Search for packages
| purl | pkg:rpm/redhat/python-twisted@16.4.1-19?arch=el8ost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-qc7c-e5fb-77f1
Aliases: CVE-2022-21712 GHSA-92x2-jw7w-xvvx PYSEC-2022-27 |
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds. | There are no reported fixed by versions. |
|
VCID-z5qm-2n25-e7g4
Aliases: CVE-2022-21716 GHSA-rv6r-3f5q-9rgx PYSEC-2022-160 |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:59:41.540962+00:00 | RedHat Importer | Affected by | VCID-qc7c-e5fb-77f1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21712.json | 38.0.0 |
| 2026-04-01T13:59:29.405850+00:00 | RedHat Importer | Affected by | VCID-z5qm-2n25-e7g4 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21716.json | 38.0.0 |