CVE-2019-12387

CWE-74 CWE-93 CWE-11314 documents8 sources

Severity

6.1MEDIUM

EPSS

0.5%

top 33.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Twisted Twisted Canonical Ubuntu Linux Fedoraproject Fedora +2 more

Timeline

PublishedJun 10

Latest updateMar 30

Description

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

▶PyPItwisted< 19.2.1

▶NVDtwisted/twisted< 19.2.1

▶Debiantwisted< 18.9.0-7+3

▶Ubuntutwisted< 16.0.0-1ubuntu0.4+2

▶NVDoracle/solaris11

Also affects: Fedora 29, Ubuntu Linux 14.04, 16.04, 18.04, 19.10

Patches

Patch: github.com ↗Patch: www.oracle.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

twisted vulnerabilities↗2020-03-30

▶

OSV

twisted vulnerabilities↗2020-03-19

▶

GHSA

Twisted CRLF Injection↗2019-06-10

▶

OSV

Twisted CRLF Injection↗2019-06-10

▶

OSV

CVE-2019-12387: In Twisted before 19↗2019-06-10

▶

📋Vendor Advisories

Ubuntu

Twisted vulnerabilities↗2020-03-30

▶

Ubuntu

Twisted vulnerabilities↗2020-03-19

▶

Red Hat

python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods↗2019-06-10

▶

Debian

CVE-2019-12387: twisted - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP ...↗2019

▶

💬Community

Bugzilla

CVE-2019-12387 python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods [fedora-all]↗2019-06-12

▶

Bugzilla

CVE-2019-12387 python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods [openstack-rdo]↗2019-06-12

▶

Bugzilla

CVE-2019-12387 python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods↗2019-06-12

▶