CVE-2020-10109
Published: 12 March 2020
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
Priority
CVSS 3 base score: 9.8
Notes
Author | Note |
---|---|
mdeslaur | same commit as CVE-2020-10108 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109
- https://ubuntu.com/security/notices/USN-4308-1
- https://ubuntu.com/security/notices/USN-4308-2
- NVD
- Launchpad
- Debian