Vulnerabilities > Twistedmatrix

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-46137 HTTP Request Smuggling vulnerability in Twistedmatrix Twisted
Twisted is an event-based framework for internet applications.
network
low complexity
twistedmatrix CWE-444
5.3
2022-10-26 CVE-2022-39348 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products
Twisted is an event-based framework for internet applications.
network
low complexity
twistedmatrix debian CWE-80
5.4
2022-04-04 CVE-2022-24801 HTTP Request Smuggling vulnerability in multiple products
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
network
high complexity
twistedmatrix debian fedoraproject oracle CWE-444
8.1
2022-03-03 CVE-2022-21716 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
7.5
2022-02-07 CVE-2022-21712 Information Exposure vulnerability in multiple products
twisted is an event-driven networking engine written in Python.
network
low complexity
twistedmatrix debian fedoraproject CWE-200
7.5
2022-02-01 CVE-2022-23607 Forced Browsing vulnerability in multiple products
treq is an HTTP library inspired by requests but written on top of Twisted's Agents.
network
low complexity
twistedmatrix debian CWE-425
6.5
2020-03-12 CVE-2020-10109 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twistedmatrix fedoraproject debian canonical CWE-444
critical
9.8
2020-03-12 CVE-2020-10108 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twistedmatrix fedoraproject debian canonical oracle CWE-444
critical
9.8
2020-03-11 CVE-2016-1000111 Forced Browsing vulnerability in Twistedmatrix Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
low complexity
twistedmatrix CWE-425
5.3
2019-11-12 CVE-2014-7143 Improper Certificate Validation vulnerability in Twistedmatrix Twisted 14.0.0
Python Twisted 14.0 trustRoot is not respected in HTTP client
network
low complexity
twistedmatrix CWE-295
7.5