GHSA-92x2-jw7w-xvvx

Source

https://github.com/advisories/GHSA-92x2-jw7w-xvvx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-92x2-jw7w-xvvx/GHSA-92x2-jw7w-xvvx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-92x2-jw7w-xvvx

Aliases

Published

2022-02-07T22:36:00Z

Modified

2024-02-20T05:34:24.273970Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Cookie and header exposure in twisted

Details

Impact

Cookie and Authorization headers are leaked when following cross-origin redirects in twited.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent.

References

Affected packages

PyPI / twisted

Package

Name: twisted; View open source insights on deps.dev
Purl: pkg:pypi/twisted

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11.1

Fixed

22.1

Affected versions

11.*

11.1.0

12.*

12.0.0

12.1.0

12.2.0

12.3.0

13.*

13.0.0

13.1.0

13.2.0

14.*

14.0.0

14.0.1

14.0.2

15.*

15.0.0

15.1.0

15.2.0

15.2.1

15.3.0

15.4.0

15.5.0

16.*

16.0.0

16.1.0

16.1.1

16.2.0

16.3.0

16.3.1

16.3.2

16.4.0

16.4.1

16.5.0rc1

16.5.0rc2

16.5.0

16.6.0rc1

16.6.0

16.7.0rc1

16.7.0rc2

17.*

17.1.0rc1

17.1.0

17.5.0

17.9.0rc1

17.9.0

18.*

18.4.0rc1

18.4.0

18.7.0rc1

18.7.0rc2

18.7.0

18.9.0rc1

18.9.0

19.*

19.2.0rc1

19.2.0rc2

19.2.0

19.2.1

19.7.0rc1

19.7.0

19.10.0rc1

19.10.0

20.*

20.3.0rc1

20.3.0

21.*

21.2.0rc1

21.2.0

21.7.0rc1

21.7.0rc2

21.7.0rc3

21.7.0

22.*

22.1.0rc1