Vulnerability details: VCID-udmg-vnpc-aaag
Vulnerability ID VCID-udmg-vnpc-aaag
Aliases CVE-2022-24801
GHSA-c2jg-hw38-jrqq
PYSEC-2022-195
Summary Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:1645
rhas Important https://access.redhat.com/errata/RHSA-2022:1646
rhas Important https://access.redhat.com/errata/RHSA-2022:4930
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24801.json
epss 0.00238 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.00276 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.00278 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.00357 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.00502 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.00703 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.00743 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.00880 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.01229 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
epss 0.01645 https://api.first.org/data/v1/epss?cve=CVE-2022-24801
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=2073114
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-c2jg-hw38-jrqq
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-c2jg-hw38-jrqq
cvssv3.1 8.1 https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml
cvssv3.1 6.1 https://github.com/twisted/twisted
cvssv3.1 8.1 https://github.com/twisted/twisted
generic_textual CRITICAL https://github.com/twisted/twisted
generic_textual MODERATE https://github.com/twisted/twisted
cvssv3.1 8.1 https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
generic_textual CRITICAL https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
generic_textual HIGH https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
ssvc Track https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
cvssv3.1 8.1 https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
generic_textual CRITICAL https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
generic_textual HIGH https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
ssvc Track https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
cvssv3.1 8.1 https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
cvssv3.1_qr CRITICAL https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
cvssv3.1_qr HIGH https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
generic_textual CRITICAL https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
ssvc Track https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
cvssv3.1 8.1 https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
generic_textual CRITICAL https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
cvssv3.1 8.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
generic_textual CRITICAL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
cvssv3.1 8.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
cvssv3.1 8.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
generic_textual CRITICAL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
cvssv3.1 8.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
cvssv3.1 8.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
generic_textual CRITICAL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
cvssv3.1 8.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
generic_textual CRITICAL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24801
cvssv3 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24801
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24801
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2022-24801
archlinux Medium https://security.archlinux.org/AVG-2663
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpujul2022.html
cvssv3.1 8.1 https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual CRITICAL https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpujul2022.html
ssvc Track https://www.oracle.com/security-alerts/cpujul2022.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24801.json
https://api.first.org/data/v1/epss?cve=CVE-2022-24801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24801
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml
https://github.com/twisted/twisted
https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
https://www.oracle.com/security-alerts/cpujul2022.html
1009030 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009030
2073114 https://bugzilla.redhat.com/show_bug.cgi?id=2073114
AVG-2663 https://security.archlinux.org/AVG-2663
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*
cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2022-24801 https://nvd.nist.gov/vuln/detail/CVE-2022-24801
GHSA-c2jg-hw38-jrqq https://github.com/advisories/GHSA-c2jg-hw38-jrqq
GHSA-c2jg-hw38-jrqq https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
RHSA-2022:1645 https://access.redhat.com/errata/RHSA-2022:1645
RHSA-2022:1646 https://access.redhat.com/errata/RHSA-2022:1646
RHSA-2022:4930 https://access.redhat.com/errata/RHSA-2022:4930
USN-5576-1 https://usn.ubuntu.com/5576-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24801.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-195.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/twisted/twisted
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/twisted/twisted
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/ Found at https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/ Found at https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/ Found at https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/ Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24801
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24801
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24801
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.oracle.com/security-alerts/cpujul2022.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujul2022.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:54:49Z/ Found at https://www.oracle.com/security-alerts/cpujul2022.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.44055
EPSS Score 0.00238
Published At March 28, 2025, 12:55 p.m.