Attachment 231645 Details for Bug 261791 – vuln-2022.xml diff for py-twisted

[patch] vuln-2022.xml diff for py-twisted

py-twisted-vuln-2022-xml.diff (text/plain), 1.37 KB, created by Sascha Biberhofer on 2022-02-08 14:47:36 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sascha Biberhofer

Created: 2022-02-08 14:47:36 UTC

Size: 1.37 KB

patch

obsolete

>diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
>index 3c5d68cad56b..531ab516ace6 100644
>--- a/security/vuxml/vuln-2022.xml
>+++ b/security/vuxml/vuln-2022.xml
>@@ -1,3 +1,31 @@
>+  <vuln vid="24049967-88ec-11ec-88f5-901b0e934d69">
>+    <topic>py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects</topic>
>+    <affects>
>+      <package>
>+	<name>py37-twisted</name>
>+	<name>py38-twisted</name>
>+	<name>py39-twisted</name>
>+	<name>py310-twisted</name>
>+	<range><lt>22.1.0</lt></range>
>+      </package>
>+    </affects>
>+    <description>
>+      <body xmlns="http://www.w3.org/1999/xhtml">
>+	<p>Twisted developers report:</p>
>+	<blockquote cite="https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx">
>+	  <p> Cookie and Authorization headers are leaked when following cross-origin redirects in <code>twited.web.client.RedirectAgent</code> and <code>twisted.web.client.BrowserLikeRedirectAgent</code>.</p>
>+	</blockquote>
>+      </body>
>+    </description>
>+    <references>
>+      <url>https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx</url>
>+    </references>
>+    <dates>
>+      <discovery>2022-02-07</discovery>
>+      <entry>2022-02-08</entry>
>+    </dates>
>+  </vuln>
>+
>   <vuln vid="fc2a9541-8893-11ec-9d01-80ee73419af3">
>     <topic>xrdp -- privilege escalation</topic>
>     <affects>

Actions: View | Diff

Attachments on bug 261791: 231643 | 231645 | 231704