PYSEC-2022-27

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/twisted/PYSEC-2022-27.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2022-27
Aliases
Published
2022-02-07T22:15:00Z
Modified
2023-11-08T04:08:09.047388Z
Summary
[none]
Details

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twited.web.RedirectAgent and twisted.web. BrowserLikeRedirectAgent functions. Users are advised to upgrade. There are no known workarounds.

References

Affected packages

PyPI / twisted

Package

Affected ranges

Type
GIT
Repo
https://github.com/twisted/twisted
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
11.1.0
Fixed
22.1.0

Affected versions

11.*

11.1.0

12.*

12.0.0
12.1.0
12.2.0
12.3.0

13.*

13.0.0
13.1.0
13.2.0

14.*

14.0.0
14.0.1
14.0.2

15.*

15.0.0
15.1.0
15.2.0
15.2.1
15.3.0
15.4.0
15.5.0

16.*

16.0.0
16.1.0
16.1.1
16.2.0
16.3.0
16.3.1
16.3.2
16.4.0
16.4.1
16.5.0rc1
16.5.0rc2
16.5.0
16.6.0rc1
16.6.0
16.7.0rc1
16.7.0rc2

17.*

17.1.0rc1
17.1.0
17.5.0
17.9.0rc1
17.9.0

18.*

18.4.0rc1
18.4.0
18.7.0rc1
18.7.0rc2
18.7.0
18.9.0rc1
18.9.0

19.*

19.2.0rc1
19.2.0rc2
19.2.0
19.2.1
19.7.0rc1
19.7.0
19.10.0rc1
19.10.0

20.*

20.3.0rc1
20.3.0

21.*

21.2.0rc1
21.2.0
21.7.0rc1
21.7.0rc2
21.7.0rc3
21.7.0

22.*

22.1.0rc1