Twisted: >> Twisted Security Vulnerabilities
Python Twisted 14.0 trustRoot is not respected in HTTP client
CVSS Score
7.5
EPSS Score
0.026
Published
2019-11-12
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVSS Score
7.4
EPSS Score
0.018
Published
2019-06-16
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
CVSS Score
6.1
EPSS Score
0.025
Published
2019-06-10
Page 2