Skip to content

Twisted CRLF Injection

Moderate severity GitHub Reviewed Published Jun 10, 2019 to the GitHub Advisory Database • Updated Aug 31, 2023

Package

pip twisted (pip)

Affected versions

< 19.2.1

Patched versions

19.2.1

Description

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

References

Published by the National Vulnerability Database Jun 10, 2019
Reviewed Jun 10, 2019
Published to the GitHub Advisory Database Jun 10, 2019
Last updated Aug 31, 2023

Severity

Moderate
6.1
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses

CVE ID

CVE-2019-12387

GHSA ID

GHSA-6cc5-2vg4-cc7m

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.