Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2022-21712 - Vulnerability Database

Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2022-21712

High
Reference: CVE-2022-21712
Title: Twisted Web HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twited.web.RedirectAgent and twisted.web. BrowserLikeRedirectAgent functions. Users are advised to upgrade. There are no known workarounds.