{"id":"CVE-2019-12387","details":"In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.","aliases":["GHSA-6cc5-2vg4-cc7m","PYSEC-2019-128"],"modified":"2026-04-16T04:39:08.772608517Z","published":"2019-06-10T12:29:00.287Z","related":["SUSE-SU-2019:1731-1","SUSE-SU-2019:2066-1","SUSE-SU-2022:4074-1","openSUSE-SU-2019:1760-1","openSUSE-SU-2019:1785-1","openSUSE-SU-2024:11212-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4308-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4308-2/"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"FIX","url":"https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2"},{"type":"EVIDENCE","url":"https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html"},{"type":"EVIDENCE","url":"https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/twisted/twisted","events":[{"introduced":"0"},{"fixed":"c0776850e756adfcdc179a7fd9e4c8f5cbc4838d"},{"introduced":"0"},{"last_affected":"c0a51509974e995537212efc5074140388585da6"},{"fixed":"6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"19.2.1"},{"introduced":"0"},{"last_affected":"19.10"}]}}],"versions":["before-black","twisted-19.10.0","twisted-19.2.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8"}]},{"events":[{"introduced":"0"},{"last_affected":"11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12387.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}