{"id":"USN-6575-1","summary":"twisted vulnerabilities","details":"It was discovered that Twisted incorrectly escaped host headers in certain\n404 responses. A remote attacker could possibly use this issue to perform\nHTML and script injection attacks. This issue only affected Ubuntu 20.04\nLTS and Ubuntu 22.04 LTS. (CVE-2022-39348)\n\nIt was discovered that Twisted incorrectly handled response order when\nprocessing multiple HTTP requests. A remote attacker could possibly use\nthis issue to delay responses and manipulate the responses of second\nrequests. (CVE-2023-46137)\n","modified":"2026-04-24T09:45:30.608883Z","published":"2024-01-10T13:39:55Z","related":["UBUNTU-CVE-2022-39348","UBUNTU-CVE-2023-46137"],"upstream":["CVE-2022-39348","CVE-2023-46137","UBUNTU-CVE-2022-39348","UBUNTU-CVE-2023-46137"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6575-1"}],"affected":[{"package":{"name":"twisted","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/twisted@18.9.0-11ubuntu0.20.04.3?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"18.9.0-11ubuntu0.20.04.3"}]}],"versions":["18.9.0-3ubuntu1","18.9.0-5","18.9.0-6","18.9.0-6build1","18.9.0-6ubuntu1","18.9.0-8","18.9.0-11","18.9.0-11ubuntu0.20.04.1","18.9.0-11ubuntu0.20.04.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"python3-twisted","binary_version":"18.9.0-11ubuntu0.20.04.3"},{"binary_name":"python3-twisted-bin","binary_version":"18.9.0-11ubuntu0.20.04.3"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6575-1.json"}},{"package":{"name":"twisted","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/twisted@22.1.0-2ubuntu2.4?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"22.1.0-2ubuntu2.4"}]}],"versions":["20.3.0-7ubuntu1","20.3.0-7ubuntu3","22.1.0-2ubuntu2","22.1.0-2ubuntu2.1","22.1.0-2ubuntu2.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"python3-twisted","binary_version":"22.1.0-2ubuntu2.4"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6575-1.json"}}],"schema_version":"1.7.5"}