CVE-2019-12387
Published 2019-06-10
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
Severity: medium, 6.1 (CVSS 3.1)
AV:N AC:L PR:N UI:R S:C C:L I:L A:N
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | twisted | < twisted 18.9.0-7 (bookworm) | twisted 18.9.0-7 (bookworm) |
| fedoraproject | fedora | — | — |
| oracle | solaris | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
| twisted | twisted | < 19.2.1 | 19.2.1 |
| twisted | twisted | >= 0 < 18.9.0-7 | 18.9.0-7 |
| twisted | twisted | >= 0 < 18.9.0-7 | 18.9.0-7 |
| twisted | twisted | >= 0 < 18.9.0-7 | 18.9.0-7 |
| twisted | twisted | >= 0 < 18.9.0-7 | 18.9.0-7 |
| twisted | twisted | >= 0 < 19.2.1 | 19.2.1 |
| twisted | twisted | >= 0 < 16.0.0-1ubuntu0.4 | 16.0.0-1ubuntu0.4 |
| twisted | twisted | >= 0 < 17.9.0-2ubuntu0.1 | 17.9.0-2ubuntu0.1 |
| twisted | twisted | >= 0 < 13.2.0-1ubuntu1.2+esm1 | 13.2.0-1ubuntu1.2+esm1 |
CVSS provenance
nvd: v3.1, 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv: 6.1 MEDIUM