It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly use this issue to perform HTML and script injection attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39348)
It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay responses and manipulate the responses of second requests. (CVE-2023-46137)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "python3-twisted", "binary_version": "18.9.0-11ubuntu0.20.04.3" }, { "binary_name": "python3-twisted-bin", "binary_version": "18.9.0-11ubuntu0.20.04.3" }, { "binary_name": "python3-twisted-bin-dbg", "binary_version": "18.9.0-11ubuntu0.20.04.3" }, { "binary_name": "twisted-doc", "binary_version": "18.9.0-11ubuntu0.20.04.3" } ] }