Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.
History

Mon, 25 Nov 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Twisted
Twisted twisted
CPEs cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:* cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*
Vendors & Products Twistedmatrix
Twistedmatrix twisted
Twisted
Twisted twisted

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-25T20:56:27.320Z

Updated: 2024-09-10T14:05:53.980Z

Reserved: 2023-10-16T17:51:35.574Z

Link: CVE-2023-46137

cve-icon Vulnrichment

Updated: 2024-08-02T20:37:39.805Z

cve-icon NVD

Status : Modified

Published: 2023-10-25T21:15:10.237

Modified: 2024-11-25T18:12:24.673

Link: CVE-2023-46137

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-10-25T00:00:00Z

Links: CVE-2023-46137 - Bugzilla