Twisted CRLF Injection
Moderate severity
GitHub Reviewed
Published
Jun 10, 2019
to the GitHub Advisory Database
•
Updated Aug 31, 2023
Description
Published by the National Vulnerability Database
Jun 10, 2019
Reviewed
Jun 10, 2019
Published to the GitHub Advisory Database
Jun 10, 2019
Last updated
Aug 31, 2023
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
References