CVE-2019-12387 – twisted
Package
Manager: pip
Name: twisted
Vulnerable Version: >=0 <19.2.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
EPSS: 0.00869 (percentile: 0.74314)
Details
Twisted CRLF Injection
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
Metadata
Created: 2019-06-10T18:05:06Z
Modified: 2024-11-25T18:33:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-6cc5-2vg4-cc7m/GHSA-6cc5-2vg4-cc7m.json
CWE IDs: ["CWE-74", "CWE-93"]
Alternative ID: GHSA-6cc5-2vg4-cc7m
Finding: F184
Auto approve: 1