CVE-2024-41671

Severity: 8.3 HIGH
EPSS: 0.1% (top 70.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 29
Latest update: Nov 26

Description

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.7

Affected Packages (4 packages)

PyPI: twisted < 24.7.0rc1
Debian: twisted < 20.3.0-7+deb11u2+3
Ubuntu: twisted < 18.9.0-11ubuntu0.20.04.5+8
CVEListV5: twisted/twisted 24.3.0

🔴 Vulnerability Details (6)

OSV: twisted vulnerability (2024-11-26)
OSV: twisted vulnerabilities (2024-09-04)
OSV: CVE-2024-41671: Twisted is an event-based framework for internet applications, supporting Python 3 (2024-07-29)
GHSA: twisted.web has disordered HTTP pipeline response (2024-07-29)
OSV: twisted.web has disordered HTTP pipeline response (2024-07-29)

📋 Vendor Advisories (4)

Ubuntu: Twisted vulnerability (2024-11-26)
Ubuntu: Twisted vulnerabilities (2024-09-04)
Microsoft: twisted.web has disordered HTTP pipeline response (2024-07-09)
Debian: CVE-2024-41671: twisted - Twisted is an event-based framework for internet applications, supporting Python... (2024)