user/py3-twisted: multiple vulnerabilities
| Field | Value |
|---|---|
| Bugzilla ID | 273 |
| Alias(es) | CVE-2020-10108, CVE-2020-10109 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-04-24 15:00:41 -0500 |
| Modified | 2020-06-10 11:28:53 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
| URL | https://labs.twistedmatrix.com/2020/03/twisted-2030-released.html |
Description

CVE-2020-10109: https://nvd.nist.gov/vuln/detail/CVE-2020-10109

In Twisted Web through 19.10.0, there was an HTTP request splitting
vulnerability. When presented with a content-length and a chunked
encoding header, the content-length took precedence and the remainder
of the request body was interpreted as a pipelined request.

Fixed in >= 20.3.0: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281

CVE-2020-10108: https://nvd.nist.gov/vuln/detail/CVE-2020-10108

In Twisted Web through 19.10.0, there was an HTTP request splitting
vulnerability. When presented with two content-length headers, it
ignored the first header. When the second content-length value was set
to zero, the request body was interpreted as a pipelined request.

Fixed in >= 20.3.0 (same patch)
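Both CVEs above are the same class of defect: the server picked one framing header when the request carried conflicting ones, so the bytes after the chosen body length became a second, attacker-controlled request. The following is an added example, not Twisted's code or its fix, showing the defensive rule a server-side parser should apply (RFC 7230 section 3.3.3): a request with both Transfer-Encoding and Content-Length, or with differing Content-Length values, has no unambiguous body length and is rejected instead of guessed at. It goes slightly beyond the page by treating the "both headers present" case as a hard error rather than letting Transfer-Encoding win, which is the safer choice when a proxy may sit in front of the server. The request bytes are constructed for the demonstration and the `FramingError`, `parse_request` and `is_ambiguous` names are this example's own.

```python
"""Defensive HTTP/1.1 framing check (added example; not Twisted's own code).

Rejects the two ambiguous-framing patterns behind CVE-2020-10108 and
CVE-2020-10109 instead of silently choosing one header, which is what
turned the rest of the body into a pipelined request.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


class FramingError(ValueError):
    """Raised when the request body length cannot be determined unambiguously."""


@dataclass
class Request:
    method: str
    target: str
    headers: List[Tuple[str, str]]
    body: bytes
    remainder: bytes  # bytes left after the body; a genuine pipelined request, if any


def _parse_head(raw: bytes) -> Tuple[str, str, List[Tuple[str, str]], bytes]:
    """Split request line and headers from the rest of the buffer."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("incomplete header block")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].decode("ascii").split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.decode("ascii").partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return method, target, headers, rest


def body_length(headers: List[Tuple[str, str]]) -> Optional[int]:
    """Return the declared body length, None for chunked, or raise on ambiguity."""
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    if te and cl:
        # CVE-2020-10109 pattern: Content-Length alongside chunked encoding.
        # The spec lets Transfer-Encoding override; rejecting is stricter and safer.
        raise FramingError("both Transfer-Encoding and Content-Length present")
    if te:
        if te[-1].lower().split(",")[-1].strip() != "chunked":
            raise FramingError("final transfer coding is not chunked")
        return None
    if cl:
        if len(set(cl)) != 1:
            # CVE-2020-10108 pattern: two Content-Length headers with different values.
            raise FramingError("conflicting Content-Length values: %r" % cl)
        value = cl[0]
        if not value.isdigit():
            raise FramingError("non-numeric Content-Length")
        return int(value)
    return 0


def _read_chunked(rest: bytes) -> Tuple[bytes, bytes]:
    """Decode a chunked body; return (body, bytes after the terminating trailer)."""
    body = b""
    while True:
        size_line, _, rest = rest.partition(b"\r\n")
        size = int(size_line.split(b";")[0].decode("ascii"), 16)
        if size == 0:
            while True:  # skip any trailer fields up to the blank line
                line, _, rest = rest.partition(b"\r\n")
                if not line:
                    return body, rest
        body += rest[:size]
        rest = rest[size + 2:]  # drop the chunk data and its trailing CRLF


def parse_request(raw: bytes) -> Request:
    method, target, headers, rest = _parse_head(raw)
    length = body_length(headers)
    if length is None:
        body, remainder = _read_chunked(rest)
    else:
        if len(rest) < length:
            raise FramingError("body shorter than Content-Length")
        body, remainder = rest[:length], rest[length:]
    return Request(method, target, headers, body, remainder)


def is_ambiguous(raw: bytes) -> bool:
    """True when the framing check rejects the request."""
    try:
        parse_request(raw)
    except FramingError:
        return True
    return False


# Constructed sample requests (not taken from the advisory).
TE_CL_REQUEST = (b"POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 4\r\n"
                 b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
DUPLICATE_CL_REQUEST = (b"POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 13\r\n"
                        b"Content-Length: 0\r\n\r\nGET /second HTTP/1.1\r\n\r\n")
CLEAN_REQUEST = b"POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 5\r\n\r\nhello"
CHUNKED_REQUEST = (b"POST / HTTP/1.1\r\nHost: example\r\n"
                   b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")

if __name__ == "__main__":
    for name, raw in [("TE+CL", TE_CL_REQUEST), ("dup CL", DUPLICATE_CL_REQUEST),
                      ("clean", CLEAN_REQUEST), ("chunked", CHUNKED_REQUEST)]:
        print(name, "rejected" if is_ambiguous(raw) else "accepted")
```

Legitimate pipelining still works: a well-framed request followed by another simply leaves the second one in `remainder` for the next parse. Only requests whose body boundary depends on which header the server happens to trust are refused.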