{"id":"PYSEC-2019-128","details":"In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.","aliases":["CVE-2019-12387","GHSA-6cc5-2vg4-cc7m"],"modified":"2023-11-08T04:01:03.808700Z","published":"2019-06-10T12:29:00Z","references":[{"type":"WEB","url":"https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html"},{"type":"WEB","url":"https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html"},{"type":"FIX","url":"https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N/"},{"type":"WEB","url":"https://usn.ubuntu.com/4308-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4308-2/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-6cc5-2vg4-cc7m"}],"affected":[{"package":{"name":"twisted","ecosystem":"PyPI","purl":"pkg:pypi/twisted"},"ranges":[{"type":"GIT","repo":"https://github.com/twisted/twisted","events":[{"introduced":"0"},{"fixed":"6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"19.2.1"}]}],"versions":["1.0.1","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.1.0","1.1.1","1.2.0","2.1.0","2.4.0","2.5.0","8.0.0","8.0.1","8.1.0","8.2.0","9.0.0","10.0.0","10.1.0","10.2.0","11.0.0","11.1.0","12.0.0","12.1.0","12.2.0","12.3.0","13.0.0","13.1.0","13.2.0","14.0.0","14.0.1","14.0.2","15.0.0","15.1.0","15.2.0","15.2.1","15.3.0","15.4.0","15.5.0","16.0.0","16.1.0","16.1.1","16.2.0","16.3.0","16.3.1","16.3.2","16.4.0","16.4.1","16.5.0rc1","16.5.0rc2","16.5.0","16.6.0rc1","16.6.0","16.7.0rc1","16.7.0rc2","17.1.0rc1","17.1.0","17.5.0","17.9.0rc1","17.9.0","18.4.0rc1","18.4.0","18.7.0rc1","18.7.0rc2","18.7.0","18.9.0rc1","18.9.0","19.2.0rc1","19.2.0rc2","19.2.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/twisted/PYSEC-2019-128.yaml"}}],"schema_version":"1.7.3"}