Twisted.web Vulnerability Could Lead to Information Disclosure
CVE-2024-41671

8.3HIGH

Key Information:

Vendor

Twisted

Status
Twisted
Vendor
CVE Published:
29 July 2024

What is CVE-2024-41671?

The Twisted framework, an event-driven architecture for internet applications using Python, exhibits a vulnerability within its HTTP server module that allows for the out-of-order processing of pipelined HTTP requests. This flaw can potentially lead to the exposure of sensitive information. Users and developers utilizing Twisted should upgrade to version 24.7.0rc1 or later to mitigate this risk.

Affected Version(s)

twisted <= 24.3.0

References

https://github.com/twisted/twisted/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/twisted/twisted/commit/046a164f89a0f08...
x_refsource_MISC
https://github.com/twisted/twisted/commit/4a930de12fb67e8...
x_refsource_MISC

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.