Skip to main content

Twisted

9 CVEs product

Monthly

CVE-2024-41810 PyPI MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Twisted
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-46137 PyPI MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Twisted
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-39348 PyPI MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Twisted Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-24801 PyPI HIGH PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling Twisted Debian Linux +2
NVD GitHub
CVSS 3.1
8.1
EPSS
2.8%
CVE-2022-21716 PyPI HIGH POC PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Python Twisted Debian Linux Http Server +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-10109 PyPI CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Twisted Fedora Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-10108 PyPI CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Twisted Fedora Debian Linux +3
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-12855 PyPI HIGH PATCH This Week

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Twisted
NVD GitHub
CVSS 3.0
7.4
EPSS
1.8%
CVE-2019-12387 PyPI MEDIUM POC PATCH This Month

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Twisted Fedora Ubuntu Linux Zfs Storage Appliance Kit +1
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Twisted
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Twisted
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Twisted Debian Linux
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling +4
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Python Twisted +4
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Twisted +3
NVD
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Twisted +5
NVD
EPSS 2% CVSS 7.4
HIGH PATCH This Week

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Twisted
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM POC PATCH This Month

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Twisted Fedora +3
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy