Vulnerabilities > Twistedmatrix > Twisted

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-46137 HTTP Request Smuggling vulnerability in Twistedmatrix Twisted
Twisted is an event-based framework for internet applications.
network
low complexity
twistedmatrix CWE-444
5.3
2022-10-26 CVE-2022-39348 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products
Twisted is an event-based framework for internet applications.
network
low complexity
twistedmatrix debian CWE-80
5.4
2022-04-04 CVE-2022-24801 HTTP Request Smuggling vulnerability in multiple products
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
network
high complexity
twistedmatrix debian fedoraproject oracle CWE-444
8.1
2022-03-03 CVE-2022-21716 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
7.5
2022-02-07 CVE-2022-21712 Information Exposure vulnerability in multiple products
twisted is an event-driven networking engine written in Python.
network
low complexity
twistedmatrix debian fedoraproject CWE-200
7.5
2020-03-12 CVE-2020-10109 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twistedmatrix fedoraproject debian canonical CWE-444
critical
9.8
2020-03-12 CVE-2020-10108 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twistedmatrix fedoraproject debian canonical oracle CWE-444
critical
9.8
2020-03-11 CVE-2016-1000111 Forced Browsing vulnerability in Twistedmatrix Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
low complexity
twistedmatrix CWE-425
5.0
2019-11-12 CVE-2014-7143 Improper Certificate Validation vulnerability in Twistedmatrix Twisted 14.0.0
Python Twisted 14.0 trustRoot is not respected in HTTP client
network
low complexity
twistedmatrix CWE-295
5.0
2019-06-16 CVE-2019-12855 Improper Certificate Validation vulnerability in Twistedmatrix Twisted
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
network
high complexity
twistedmatrix CWE-295
7.4