Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
twisted.web has disordered HTTP pipeline response
Vulnerability Description
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
Twisted 环境问题漏洞
Vulnerability Description
Twisted是一款使用Python语言编写的事件驱动的开源网络引擎。 Twisted 23.10.0rc1之前版本存在安全漏洞,该漏洞源于当在一个TCP数据包中发送多个HTTP请求时,twisted.web将异步处理请求,而不保证响应顺序。
CVSS Information
N/A
Vulnerability Type
N/A