In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.
Information Disclosure
Twisted
NVD
GitHub
CVSS 3.0
7.4
EPSS
1.8%