CVE-2019-12855 – twisted
Package
Manager: pip
Name: twisted
Vulnerable Version: >=0 <19.7.0rc1
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00514 (percentile: 0.65588)
Details
Improper Certificate Validation in Twisted
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
Metadata
Created: 2019-08-16T14:02:35Z
Modified: 2024-11-25T19:24:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-65rm-h285-5cc5/GHSA-65rm-h285-5cc5.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-65rm-h285-5cc5
Finding: F163
Auto approve: 1