USN-6575-1

Source
https://ubuntu.com/security/notices/USN-6575-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6575-1.json
Related
Published
2024-01-10T13:39:55.975325Z
Modified
2024-01-10T13:39:55.975325Z
Summary
twisted vulnerabilities
Details

It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly use this issue to perform HTML and script injection attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39348)

It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay responses and manipulate the responses of second requests. (CVE-2023-46137)

References

Affected packages

Ubuntu:20.04:LTS / twisted

Package

Name
twisted

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
18.9.0-11ubuntu0.20.04.3

Ecosystem specific 

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "twisted-doc": "18.9.0-11ubuntu0.20.04.3",
            "python3-twisted": "18.9.0-11ubuntu0.20.04.3",
            "python3-twisted-bin": "18.9.0-11ubuntu0.20.04.3"
        }
    ]
}

Ubuntu:22.04:LTS / twisted

Package

Name
twisted

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
22.1.0-2ubuntu2.4

Ecosystem specific 

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "twisted-doc": "22.1.0-2ubuntu2.4",
            "python3-twisted": "22.1.0-2ubuntu2.4"
        }
    ]
}

Ubuntu:23.10 / twisted

Package

Name
twisted

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
22.4.0-4ubuntu0.23.10.1

Ecosystem specific 

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "twisted-doc": "22.4.0-4ubuntu0.23.10.1",
            "python3-twisted": "22.4.0-4ubuntu0.23.10.1"
        }
    ]
}