Msrc Cbl2 Python-Twisted 22.2.0-1 On Cbl Mariner 2.0 vulnerabilities
4 known vulnerabilities affecting msrc/cbl2_python-twisted_22.2.0-1_on_cbl_mariner_2.0.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2
Vulnerabilities
CVE-2022-21712 | HIGH | CVSS 7.5 | 2022-02-08 | CWE-200
Cookie and header exposure in twisted
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is
msrc
CVE-2020-10109 | CRITICAL | CVSS 9.8 | 2020-03-10 | CWE-444
In Twisted Web through 19.10.0 there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
msrc
CVE-2020-10108 | CRITICAL | CVSS 9.8 | 2020-03-10 | CWE-444
In Twisted Web through 19.10.0 there was an HTTP request splitting vulnerability. When presented with two content-length headers it ignored the first header. When the second content-length value was set to zero the request body was interpreted as a pipelined reques
msrc
CVE-2019-12855 | HIGH | CVSS 7.4 | 2019-06-11 | CWE-295
In words.protocols.jabber.xmlstream in Twisted through 19.2.1 XMPP support did not verify certificates when used with TLS allowing an attacker to MITM connections.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerabi
msrc