Closed mend-bolt-for-github[bot] closed 2 years ago
:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
Vulnerable Library - Twisted-20.3.0-cp37-cp37m-manylinux1_x86_64.whl
An asynchronous networking framework written in Python
Library home page: https://files.pythonhosted.org/packages/b8/f9/489416dda6de8ae6419356bf003c10d1ce6fb8377b6a3207b02b3a39c42a/Twisted-20.3.0-cp37-cp37m-manylinux1_x86_64.whl
Path to dependency file: /ci/requirements.txt
Path to vulnerable library: /ci/requirements.txt
Found in HEAD commit: 4365b26096e64c91477237871b08ec9ab84069e1
Vulnerabilities
Details
CVE-2022-21712
### Vulnerable Library - Twisted-20.3.0-cp37-cp37m-manylinux1_x86_64.whl

An asynchronous networking framework written in Python
Dependency Hierarchy:
- :x: **Twisted-20.3.0-cp37-cp37m-manylinux1_x86_64.whl** (Vulnerable Library)
Found in base branch: develop
### Vulnerability Details

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
Publish Date: 2022-02-07
URL: CVE-2022-21712
### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None
### Suggested Fix

Type: Upgrade version
Origin: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
Release Date: 2022-02-07
Fix Resolution: Twisted - 22.1.0