cbcvebase.
CVE-2024-41671
published 2024-07-29

Priority: P344, high
CVSS 3.1: 8.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)
EPSS: 0.86% (53.8th percentile)

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.

Affected

24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | twisted | < twisted 22.4.0-4+deb12u1 (bookworm) | twisted 22.4.0-4+deb12u1 (bookworm) |
| msrc | azl3_python-twisted_22.10.0-3_on_azure_linux_3.0 | | |
| msrc | azl3_python-twisted_22.10.0-4_on_azure_linux_3.0 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl2_python-twisted_22.10.0-3_on_cbl_mariner_2.0 | | |
| msrc | cbl2_python-twisted_22.10.0-4_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |
| twisted | twisted | <= 24.3.0 | |
| twisted | twisted | >= 0 < 20.3.0-7+deb11u2 | 20.3.0-7+deb11u2 |
| twisted | twisted | >= 0 < 22.4.0-4+deb12u1 | 22.4.0-4+deb12u1 |
| twisted | twisted | >= 0 < 24.7.0-1 | 24.7.0-1 |
| twisted | twisted | >= 0 < 24.7.0-1 | 24.7.0-1 |
| twisted | twisted | >= 0 < 24.7.0rc1 | 24.7.0rc1 |
| twisted | twisted | >= 0 < 18.9.0-11ubuntu0.20.04.5 | 18.9.0-11ubuntu0.20.04.5 |
| twisted | twisted | >= 0 < 18.9.0-11ubuntu0.20.04.4 | 18.9.0-11ubuntu0.20.04.4 |
| twisted | twisted | >= 0 < 22.1.0-2ubuntu2.6 | 22.1.0-2ubuntu2.6 |
| twisted | twisted | >= 0 < 22.1.0-2ubuntu2.5 | 22.1.0-2ubuntu2.5 |
| twisted | twisted | >= 0 < 24.3.0-1ubuntu0.1 | 24.3.0-1ubuntu0.1 |
| twisted | twisted | >= 0 < 13.2.0-1ubuntu1.2+esm3 | 13.2.0-1ubuntu1.2+esm3 |
| twisted | twisted | >= 0 < 16.0.0-1ubuntu0.4+esm2 | 16.0.0-1ubuntu0.4+esm2 |
| twisted | twisted | >= 0 < 17.9.0-2ubuntu0.3+esm2 | 17.9.0-2ubuntu0.3+esm2 |
| twisted | twisted | >= 0 < 17.9.0-2ubuntu0.3+esm1 | 17.9.0-2ubuntu0.3+esm1 |

CVSS provenance

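| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
| osv | | 8.3 | HIGH | |
| vendor_debian | | 8.3 | HIGH | |
| vendor_msrc | | 8.3 | HIGH | |
| vendor_ubuntu | | 8.3 | HIGH | |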