twisted.web has disordered HTTP pipeline response

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

HTTP请求的解释不一致性(HTTP请求私运)

Twisted 安全漏洞

Twisted是Twisted Matrix Labs开源的一款使用Python语言编写的事件驱动的开源网络引擎。 Twisted 24.3.0及之前版本存在安全漏洞，该漏洞源于twisted.web提供的HTTP 1.0和1.1服务器会无序处理流水线HTTP请求，从而导致信息泄露。

N/A

N/A