In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
References
Link | Resource |
---|---|
https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html | Exploit Release Notes Vendor Advisory |
https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html | Exploit Release Notes Vendor Advisory |
https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2 | Patch Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html | Broken Link |
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html | Broken Link |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/ | Mailing List Third Party Advisory |
https://usn.ubuntu.com/4308-1/ | Third Party Advisory |
https://usn.ubuntu.com/4308-2/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2020.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2019-06-10 05:29
Updated : 2023-02-28 12:47
NVD link : CVE-2019-12387
Mitre link : CVE-2019-12387
JSON object : View
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Products Affected
oracle
- zfs_storage_appliance_kit
- solaris
fedoraproject
- fedora
canonical
- ubuntu_linux
twistedmatrix
- twisted