CVE-2020-10108

Published: 12 March 2020

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
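The framing ambiguity described above, as an added Python example (not Twisted's code or its patch): a parser that lets the later Content-Length win reads two requests from one constructed message, while a strict check rejects the message. All function names and the sample request are hypothetical.

```python
# Added illustration; not Twisted's code. All names and the sample are constructed.
class AmbiguousLength(ValueError):
    """Raised when the request framing cannot be determined safely."""

def split_head(raw):
    """Return (headers, remainder) for the first request head in raw."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, rest

def length_last_wins(headers):
    """Framing as the advisory describes it: the later header replaces the first."""
    length = 0
    for name, value in headers:
        if name == b"content-length":
            length = int(value)
    return length

def length_strict(headers):
    """Reject repeated or non-numeric Content-Length instead of picking one.
    RFC 7230 section 3.3.3 requires rejecting differing values; this rejects any repeat."""
    values = [v for n, v in headers if n == b"content-length"]
    if len(values) > 1:
        raise AmbiguousLength("multiple Content-Length headers")
    if values and not values[0].isdigit():
        raise AmbiguousLength("malformed Content-Length")
    return int(values[0]) if values else 0

def count_requests(raw, length_fn):
    """Number of requests a parser using length_fn reads from one connection."""
    count = 0
    while raw:
        headers, rest = split_head(raw)
        raw = rest[length_fn(headers):]
        count += 1
    return count

# Constructed sample: one POST whose body happens to look like a request.
BODY = b"GET /second HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE = (b"POST /first HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: %d\r\nContent-Length: 0\r\n\r\n" % len(BODY)) + BODY

if __name__ == "__main__":
    print("last-wins parser sees", count_requests(SAMPLE, length_last_wins), "requests")
    try:
        count_requests(SAMPLE, length_strict)
    except AmbiguousLength as exc:
        print("strict parser rejects:", exc)
```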

Priority

Medium

CVSS 3 base score: 9.8

Status

| Package | Release | Status |
|---|---|---|
| twisted (Launchpad, Ubuntu, Debian) | bionic | Released (17.9.0-2ubuntu0.1) |
| | eoan | Released (18.9.0-3ubuntu1.1) |
| | precise | Not vulnerable (code not present) |
| | trusty | Released (13.2.0-1ubuntu1.2+esm1) |
| | upstream | Needs triage |
| | xenial | Released (16.0.0-1ubuntu0.4) |