
Cookie and Authorization headers are sent when following a cross-origin redirect with twisted.web.client

Moderate
adiroiban published GHSA-92x2-jw7w-xvvx Feb 7, 2022

Package

twisted (pip)

Affected versions

>= 11.1

Patched versions

>=22.1

Description

Impact

Cookie and Authorization headers are leaked when following cross-origin redirects in twisted.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent.
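
A defensive check for the behaviour described above, as an added example that is not Twisted's code or its patch: a redirect-following client compares the origin (scheme, host, port) of the original request with that of the redirect target and drops Cookie and Authorization when they differ. The function names, sample URLs and header values are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Headers that carry credentials; the advisory names Cookie and Authorization.
SENSITIVE_HEADERS = {"cookie", "authorization"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the (scheme, host, port) origin tuple for an absolute URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # An omitted port means the scheme default, so :443 and no port match.
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def headers_for_redirect(request_url, location, headers):
    """Resolve a redirect and drop credential headers if the origin changes.

    Returns (target_url, headers_to_send). `headers` is a list of
    (name, value) pairs so that repeated headers are preserved.
    """
    target = urljoin(request_url, location)  # Location may be relative
    if origin(target) == origin(request_url):
        return target, list(headers)
    kept = [(n, v) for n, v in headers if n.lower() not in SENSITIVE_HEADERS]
    return target, kept


# Constructed sample request headers, not taken from the advisory.
SAMPLE_HEADERS = [
    ("User-Agent", "example-client"),
    ("Authorization", "Bearer constructed-token"),
    ("cookie", "session=constructed"),
]

if __name__ == "__main__":
    start = "https://api.example/start"
    for loc in ("/next", "https://other.example/landing", "http://api.example/next"):
        url, sent = headers_for_redirect(start, loc, SAMPLE_HEADERS)
        print(url, [name for name, _ in sent])
```

A change of scheme alone (https to http on the same host) counts as a different origin here, so the credentials are not sent over the downgraded connection.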

Severity

Moderate

CVE ID

CVE-2022-21712

Weaknesses

Credits