{"id":"PYSEC-2020-260","details":"In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with both a Content-Length header and a Transfer-Encoding: chunked header, the Content-Length took precedence and the remainder of the request body was interpreted as a pipelined request.","aliases":["CVE-2020-10109","GHSA-p5xh-vx83-mxcj"],"modified":"2023-11-08T04:01:57.371289Z","published":"2020-03-12T13:15:00Z","references":[{"type":"ADVISORY","url":"https://know.bishopfox.com/advisories/twisted-version-19.10.0"},{"type":"ADVISORY","url":"https://know.bishopfox.com/advisories"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/"},{"type":"WEB","url":"https://usn.ubuntu.com/4308-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4308-2/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-24"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-p5xh-vx83-mxcj"}],"affected":[{"package":{"name":"twisted","ecosystem":"PyPI","purl":"pkg:pypi/twisted"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20.3.0rc1"}]}],"versions":["1.0.1","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.1.0","1.1.1","1.2.0","10.0.0","10.1.0","10.2.0","11.0.0","11.1.0","12.0.0","12.1.0","12.2.0","12.3.0","13.0.0","13.1.0","13.2.0","14.0.0","14.0.1","14.0.2","15.0.0","15.1.0","15.2.0","15.2.1","15.3.0","15.4.0","15.5.0","16.0.0","16.1.0","16.1.1","16.2.0","16.3.0","16.3.1","16.3.2","16.4.0","16.4.1","16.5.0","16.5.0rc1","16.5.0rc2","16.6.0","16.6.0rc1","16.7.0rc1","16.7.0rc2","17.1.0","17.1.0rc1","17.5.0","17.9.0","17.9.0rc1","18.4.0","18.4.0rc1","18.7.0","18.7.0rc1","18.7.0rc2","18.9.0","18.9.0rc1","19.10.0","19.10.0rc1","19.2.0","19.2.0rc1","19.2.0rc2","19.2.1","19.7.0","19.7.0rc1","2.1.0","2.4.0","2
.5.0","8.0.0","8.0.1","8.1.0","8.2.0","9.0.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/twisted/PYSEC-2020-260.yaml"}}],"schema_version":"1.7.3"}