CVE-2020-10109

Published: 12 March 2020

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
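A front-end or test harness can refuse the ambiguous framing described above before a request reaches the parser. The following is an added example, not Twisted's code or the upstream fix; the helper names and the sample request heads are constructed for illustration, and it takes the strict option of rejecting any request that carries both headers.

```python
# Added illustration: not Twisted's code or the upstream patch.
# parse_headers() and framing_decision() are hypothetical helper names.

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw request head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        # A missing colon or whitespace around the name is itself ambiguous.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        pairs.append((name.decode("latin-1").lower(),
                      value.decode("latin-1").strip()))
    return pairs


def framing_decision(raw):
    """Classify body framing: 'chunked', 'length', 'none' or 'reject'."""
    try:
        headers = parse_headers(raw)
    except ValueError:
        return "reject"
    lengths = {v for n, v in headers if n == "content-length"}
    codings = [c.strip().lower() for n, v in headers
               if n == "transfer-encoding" for c in v.split(",")]
    if lengths and codings:
        return "reject"  # the combination described in this CVE
    if len(lengths) > 1:
        return "reject"  # conflicting Content-Length values
    if codings:
        return "chunked" if codings[-1] == "chunked" else "reject"
    if lengths:
        value = next(iter(lengths))
        return "length" if value.isascii() and value.isdigit() else "reject"
    return "none"


# Constructed sample request heads (headers only, no bodies).
BASE = b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
BOTH = BASE + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
CHUNKED = BASE + b"Transfer-Encoding: chunked\r\n\r\n"
LENGTH = BASE + b"Content-Length: 5\r\n\r\n"

if __name__ == "__main__":
    for label, head in (("both", BOTH), ("chunked", CHUNKED), ("length", LENGTH)):
        print(label, "->", framing_decision(head))
```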

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: twisted (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (17.9.0-2ubuntu0.1)
eoan       Released (18.9.0-3ubuntu1.1)
precise    Not vulnerable (code not present)
trusty     Released (13.2.0-1ubuntu1.2+esm1)
upstream   Needs triage
xenial     Released (16.0.0-1ubuntu0.4)