UBUNTU-CVE-2022-39348

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-39348

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-39348.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-39348

Related

Published

2022-10-26T20:15:00Z

Modified

2024-10-15T14:10:10Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.

References

Affected packages

Ubuntu:Pro:14.04:LTS / twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

13.*

13.0.0-1ubuntu1

13.2.0-1ubuntu1

13.2.0-1ubuntu1.2

13.2.0-1ubuntu1.2+esm1

13.2.0-1ubuntu1.2+esm2

13.2.0-1ubuntu1.2+esm3

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

15.*

15.2.1-1ubuntu2

15.5.0-1

15.5.0-2

15.5.0-2ubuntu1

15.5.0-4

16.*

16.0.0~pre1-1

16.0.0~pre1-1ubuntu1

16.0.0~pre1-2ubuntu1

16.0.0~pre1-3

16.0.0-1

16.0.0-1ubuntu0.2

16.0.0-1ubuntu0.4

16.0.0-1ubuntu0.4+esm1

16.0.0-1ubuntu0.4+esm2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted?arch=src?distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

16.*

16.6.0-2ubuntu3

17.*

17.9.0-1

17.9.0-2

17.9.0-2ubuntu0.1

17.9.0-2ubuntu0.3

17.9.0-2ubuntu0.3+esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.9.0-11ubuntu0.20.04.3

Affected versions

18.*

18.9.0-3ubuntu1

18.9.0-5

18.9.0-6

18.9.0-6build1

18.9.0-6ubuntu1

18.9.0-8

18.9.0-11

18.9.0-11ubuntu0.20.04.1

18.9.0-11ubuntu0.20.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "18.9.0-11ubuntu0.20.04.3",
            "binary_name": "python3-twisted"
        },
        {
            "binary_version": "18.9.0-11ubuntu0.20.04.3",
            "binary_name": "python3-twisted-bin"
        },
        {
            "binary_version": "18.9.0-11ubuntu0.20.04.3",
            "binary_name": "python3-twisted-bin-dbg"
        },
        {
            "binary_version": "18.9.0-11ubuntu0.20.04.3",
            "binary_name": "twisted-doc"
        }
    ]
}

Ubuntu:22.04:LTS / twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

22.1.0-2ubuntu2.4

Affected versions

20.*

20.3.0-7ubuntu1

20.3.0-7ubuntu3

22.*

22.1.0-2ubuntu2

22.1.0-2ubuntu2.1

22.1.0-2ubuntu2.3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "22.1.0-2ubuntu2.4",
            "binary_name": "python3-twisted"
        },
        {
            "binary_version": "22.1.0-2ubuntu2.4",
            "binary_name": "twisted-doc"
        }
    ]
}

Ubuntu:24.04:LTS / twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

22.4.0-4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "22.4.0-4",
            "binary_name": "python3-twisted"
        },
        {
            "binary_version": "22.4.0-4",
            "binary_name": "twisted-doc"
        }
    ]
}