Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
History

Sat, 28 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat ansible Automation Platform
CPEs cpe:/a:redhat:ansible_automation_platform:2.4::el8
cpe:/a:redhat:ansible_automation_platform:2.4::el9
Vendors & Products Redhat
Redhat ansible Automation Platform

Wed, 11 Sep 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Twisted
Twisted twisted
CPEs cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*
Vendors & Products Twisted
Twisted twisted

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-29T15:41:40.289Z

Updated: 2024-08-02T04:46:52.679Z

Reserved: 2024-07-22T13:57:37.136Z

Link: CVE-2024-41810

cve-icon Vulnrichment

Updated: 2024-08-02T04:46:52.679Z

cve-icon NVD

Status : Modified

Published: 2024-07-29T16:15:05.133

Modified: 2024-11-21T09:33:07.197

Link: CVE-2024-41810

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-29T16:24:00Z

Links: CVE-2024-41810 - Bugzilla