Vulnerability DatabaseCVE-2024-41671
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-41671
July 29, 2024
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.
Related Resources (8)
https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
https://nvd.nist.gov/vuln/detail/CVE-2024-41671
https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html
https://github.com/twisted/twisted
https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc
https://security-tracker.debian.org/tracker/CVE-2024-41671
https://www.vicarius.io/vsociety/posts/disordered-http-pipeline-in-twistedweb-cve-2024-4167
https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
LOW
Subsequent System Integrity
LOW
Subsequent System Availability
LOW
CVSS v3
Base Score:
8.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-444
EPSS
Base Score:
0.10