Twisted CRLF Injection
Moderate severity
GitHub Reviewed
Published
Jun 10, 2019
to the GitHub Advisory Database
•
Updated Nov 25, 2024
Description
Published by the National Vulnerability Database
Jun 10, 2019
Reviewed
Jun 10, 2019
Published to the GitHub Advisory Database
Jun 10, 2019
Last updated
Nov 25, 2024
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
References