Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2022-21712 - Vulnerability Database
Twisted Web HTTP Server

Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2022-21712

High
Reference: CVE-2022-21712
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-21712
Title: Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twited.web.RedirectAgent and twisted.web. BrowserLikeRedirectAgent functions. Users are advised to upgrade. There are no known workarounds.