| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-12387 | 4.3 |
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
|
28-02-2023 - 20:47 | 10-06-2019 - 12:29 | |
| CVE-2020-10108 | 7.5 |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as
|
01-04-2022 - 14:06 | 12-03-2020 - 13:15 | |
| CVE-2020-10109 | 7.5 |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipel
|
01-04-2022 - 14:03 | 12-03-2020 - 13:15 | |
| CVE-2016-1000111 | 5.0 |
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote
|
13-03-2020 - 20:04 | 11-03-2020 - 20:15 |