First published: Wed Jan 10 2024(Updated: )
It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly use this issue to perform HTML and script injection attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39348) It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay responses and manipulate the responses of second requests. (CVE-2023-46137)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python3-twisted | <22.4.0-4ubuntu0.23.10.1 | 22.4.0-4ubuntu0.23.10.1 |
Ubuntu | =23.10 | |
All of | ||
ubuntu/python3-twisted | <22.4.0-4ubuntu0.23.04.1 | 22.4.0-4ubuntu0.23.04.1 |
Ubuntu | =23.04 | |
All of | ||
ubuntu/python3-twisted | <22.1.0-2ubuntu2.4 | 22.1.0-2ubuntu2.4 |
Ubuntu | =22.04 | |
All of | ||
ubuntu/python3-twisted | <18.9.0-11ubuntu0.20.04.3 | 18.9.0-11ubuntu0.20.04.3 |
Ubuntu | =20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
USN-6575-1 is classified as a medium severity vulnerability due to the potential for HTML and script injection attacks.
To fix USN-6575-1, upgrade the python3-twisted package to versions 22.4.0-4ubuntu0.23.10.1 or later for Ubuntu 23.10, 22.4.0-4ubuntu0.23.04.1 or later for Ubuntu 23.04, 22.1.0-2ubuntu2.4 or later for Ubuntu 22.04, or 18.9.0-11ubuntu0.20.04.3 or later for Ubuntu 20.04.
The affected Ubuntu versions include 20.04 LTS, 22.04 LTS, 23.04, and 23.10.
Due to USN-6575-1, a remote attacker could potentially execute HTML and script injection attacks.
USN-6575-1 affects the python3-twisted package in the specified Ubuntu versions.