First published: Tue Nov 12 2019(Updated: )
Python Twisted 14.0 trustRoot is not respected in HTTP client
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Twistedmatrix Twisted | =14.0.0 | |
pip/twisted | =14.0.0 | 14.0.1 |
Twisted Twisted | =14.0.0 | |
debian/twisted | 20.3.0-7+deb11u1 20.3.0-7+deb11u2 22.4.0-4+deb12u1 24.11.0-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-7143 is a vulnerability in Python Twisted 14.0 where the `trustRoot` parameter is not respected in the HTTP client.
CVE-2014-7143 has a severity rating of high, with a severity value of 7.5.
Python Twisted 14.0.0 is affected by CVE-2014-7143.
Users should upgrade to Python Twisted version 14.0.1 or higher to fix CVE-2014-7143.
More information about CVE-2014-7143 can be found at the following references: 1. NIST NVD: [Link](https://nvd.nist.gov/vuln/detail/CVE-2014-7143) 2. Twisted GitHub Commit: [Link](https://github.com/twisted/twisted/commit/3b5942252f5f3e45862a0e12b266ab29e243cc33) 3. Red Hat Bugzilla: [Link](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143)