Improper Input Validation in Twisted
Critical severity
GitHub Reviewed
Published
Mar 31, 2020
to the GitHub Advisory Database
•
Updated Nov 25, 2024
Description
Published by the National Vulnerability Database
Mar 12, 2020
Reviewed
Mar 31, 2020
Published to the GitHub Advisory Database
Mar 31, 2020
Last updated
Nov 25, 2024
In Twisted Web before 20.3.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
References