CVE-2024-41671

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41671

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41671.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41671

Aliases

GHSA-c8m8-j448-xjx7

Downstream

DEBIAN-CVE-2024-41671

DLA-3970-1

DSA-5797-1

OESA-2024-1983

OESA-2024-1984

OESA-2024-1985

OESA-2024-1986

OESA-2024-2052

SUSE-SU-2024:2732-1

SUSE-SU-2024:2757-1

SUSE-SU-2024:2860-1

SUSE-SU-2024:2880-1

UBUNTU-CVE-2024-41671

USN-6988-1

USN-6988-2

openSUSE-SU-2024:14228-1

openSUSE-SU-2024:14236-1

Related

Published

2024-07-29T14:37:08Z

Modified

2025-10-15T12:23:38.877017Z

Severity

8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS Calculator

Summary

twisted.web has disordered HTTP pipeline response

Details

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.

References

Affected packages

Git / github.com/twisted/twisted

Affected ranges

Type: GIT
Repo: https://github.com/twisted/twisted
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2e59e1fb322bc4b20009443f2252ecc6d7c79f80

Affected versions

Other

before-black

twisted-16.*

twisted-16.2.0

twisted-16.3.0

twisted-16.4.0

twisted-16.4.1

twisted-16.5.0

twisted-16.6.0

twisted-17.*

twisted-17.1.0

twisted-17.5.0

twisted-17.9.0

twisted-18.*

twisted-18.4.0

twisted-18.7.0

twisted-18.9.0

twisted-19.*

twisted-19.2.0

twisted-19.7.0

twisted-20.*

twisted-20.11.0.dev6

twisted-21.*

twisted-21.2.0

twisted-21.2.0rc1

twisted-21.7.0

twisted-21.7.0rc1

twisted-21.7.0rc2

twisted-21.7.0rc3

twisted-22.*

twisted-22.1.0

twisted-22.1.0rc1

twisted-22.10.0

twisted-22.10.0rc1

twisted-22.2.0

twisted-22.2.0rc1

twisted-22.4.0

twisted-22.4.0rc1

twisted-22.8.0

twisted-22.8.0rc1

twisted-23.*

twisted-23.10.0

twisted-23.10.0rc1

twisted-23.8.0

twisted-23.8.0rc1

twisted-24.*

twisted-24.2.0rc1

twisted-24.3.0

Git / github.com/twisted/twisted

Affected ranges

Type: GIT
Repo: https://github.com/twisted/twisted
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2e59e1fb322bc4b20009443f2252ecc6d7c79f80

Affected versions

Other

before-black

twisted-16.*

twisted-16.2.0

twisted-16.3.0

twisted-16.4.0

twisted-16.4.1

twisted-16.5.0

twisted-16.6.0

twisted-17.*

twisted-17.1.0

twisted-17.5.0

twisted-17.9.0

twisted-18.*

twisted-18.4.0

twisted-18.7.0

twisted-18.9.0

twisted-19.*

twisted-19.2.0

twisted-19.7.0

twisted-20.*

twisted-20.11.0.dev6

twisted-21.*

twisted-21.2.0

twisted-21.2.0rc1

twisted-21.7.0

twisted-21.7.0rc1

twisted-21.7.0rc2

twisted-21.7.0rc3

twisted-22.*

twisted-22.1.0

twisted-22.1.0rc1

twisted-22.10.0

twisted-22.10.0rc1

twisted-22.2.0

twisted-22.2.0rc1

twisted-22.4.0

twisted-22.4.0rc1

twisted-22.8.0

twisted-22.8.0rc1

twisted-23.*

twisted-23.10.0

twisted-23.10.0rc1

twisted-23.8.0

twisted-23.8.0rc1

twisted-24.*

twisted-24.2.0rc1

twisted-24.3.0