First published: Sun Jun 16 2019(Updated: )
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Twistedmatrix Twisted | <=19.2.1 | |
pip/twisted | >=0<19.7.0rc1 | 19.7.0rc1 |
Twisted Twisted | <=19.2.1 | |
debian/twisted | 20.3.0-7+deb11u1 20.3.0-7+deb11u2 22.4.0-4+deb12u1 24.11.0-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-12855.
The severity of CVE-2019-12855 is high with a CVSS score of 7.4.
The affected software is Twisted through version 19.2.1.
Yes, a fix is available in Twisted version 19.7.0 or higher.
You can find more information about CVE-2019-12855 in the following references: [link1], [link2], [link3].