CVE-2022-21712

Published: 7 February 2022

Twisted is an event-driven networking engine written in Python. In affected versions, Twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.

Priority

Medium

CVSS 3 base score: 7.5

Status

| Package | Release | Status |
|---|---|---|
| twisted (Launchpad, Ubuntu, Debian) | bionic | Released (17.9.0-2ubuntu0.3) |
| | focal | Released (18.9.0-11ubuntu0.20.04.2) |
| | impish | Released (20.3.0-7ubuntu1.1) |
| | jammy | Released (22.1.0-2ubuntu2) |
| | trusty | Needed |
| | upstream | Released (22.1.0) |
| | xenial | Needed |