{"id":"PYSEC-2022-27","details":"twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.","aliases":["CVE-2022-21712","GHSA-92x2-jw7w-xvvx"],"modified":"2023-11-08T04:08:09.047388Z","published":"2022-02-07T22:15:00Z","references":[{"type":"FIX","url":"https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2"},{"type":"WEB","url":"https://github.com/twisted/twisted/releases/tag/twisted-22.1.0"},{"type":"ADVISORY","url":"https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21712"},{"type":"PACKAGE","url":"https://pypi.org/project/Twisted/"}],"affected":[{"package":{"name":"twisted","ecosystem":"PyPI","purl":"pkg:pypi/twisted"},"ranges":[{"type":"GIT","repo":"https://github.com/twisted/twisted","events":[{"introduced":"0"},{"fixed":"af8fe78542a6f2bf2235ccee8158d9c88d31e8e2"}]},{"type":"ECOSYSTEM","events":[{"introduced":"11.1.0"},{"fixed":"22.1.0"}]}],"versions":["11.1.0","12.0.0","12.1.0","12.2.0","12.3.0","13.0.0","13.1.0","13.2.0","14.0.0","14.0.1","14.0.2","15.0.0","15.1.0","15.2.0","15.2.1","15.3.0","15.4.0","15.5.0","16.0.0","16.1.0","16.1.1","16.2.0","16.3.0","16.3.1","16.3.2","16.4.0","16.4.1","16.5.0","16.5.0rc1","16.5.0rc2","16.6.0","16.6.0rc1","16.7.0rc1","16.7.0rc2","17.1.0","17.1.0rc1","17.5.0","17.9.0","17.9.0rc1","18.4.0","18.4.0rc1","18.7.0","18.7.0rc1","18.7.0rc2","18.9.0","18.9.0rc1","19.10.0","19.10.0rc1","19.2.0","19.2.0rc1","19.2.0rc2","19.2.1","19.7.0","19.7.0rc1","20.3.0","20.3.0rc1","21.2.0","21.2.0rc1","21.7.0","21.7.0rc1","21.7.0rc2","21.7.0rc3","22.1.0rc1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/twisted/PYSEC-2022-27.yaml"}}],"schema_version":"1.7.3"}