Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04cjk5LWg4ajItcnc2NM4AAvMG
Twisted vulnerable to HTTP Request Smuggling Attacks
Impact
Twisted Web is vulnerable to request smuggling attacks:
- "When presented with two content-length headers, Twisted Web ignored the first header. When the second content-length was set to zero this caused Twisted Web to interpret the request body as a pipelined request. According to RFC 7230 Section 3.3.3#4, if a message is received with multiple content-length headers with differing value, then the server must reject the message with a 400 response." (Jake Miller of Bishop Fox Security)
- "When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted by Twisted Web as a pipelined request. According to RFC 7230 Section 3.3.3#3, if a message with both content-length and chunked encoding is accepted, transfer-encoding overrides the content-length." (Jake Miller of Bishop Fox Security)
- "Twisted should not allow BWS between the field-name and colon." (ZeddYu Lu) closed in 9646
- "Two CL header with different values is also not allowed." (ZeddYu Lu)
- "Only accept identity and chunked Transport-Encoding." (ZeddYu Lu)
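As an added illustration (example code written for this page, not Twisted's own code and not part of the advisory), the following minimal HTTP/1.1 request framer applies the RFC 7230 section 3.3.3 and 3.2.4 rules the reports above rely on: differing Content-Length values, a Content-Length beside a chunked Transfer-Encoding, a Transfer-Encoding other than identity or chunked, and whitespace between a field-name and its colon all produce a 400. With `lenient=True` it instead models the two pre-20.3.0 behaviours quoted above (the last Content-Length wins; Content-Length takes precedence over chunked), so the smuggled second request becomes visible as a separate parsed message. All sample requests are constructed here. Note one design choice: where both Content-Length and chunked are present the strict framer rejects the message rather than applying the RFC's override, which RFC 7230 permits since it says such a message "ought to be handled as an error".

```python
import re

class BadRequest(Exception):
    """Raised where RFC 7230 requires, or permits, a 400 response."""

# RFC 7230 3.2.6 token: a field-name with whitespace before the colon fails this (3.2.4).
_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def split_head(raw):
    """Take one request head off the front of raw -> (request_line, headers, rest)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("incomplete header block")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not _TOKEN.match(name):
            raise BadRequest("malformed header field %r" % line)
        headers.append((name.lower(), value.strip()))
    return lines[0], headers, rest

def read_chunked(data):
    """Decode a chunked body (no trailers) from the front of data -> (body, rest)."""
    body = b""
    while True:
        size_line, sep, data = data.partition(b"\r\n")
        if not sep:
            raise BadRequest("truncated chunk-size line")
        try:
            size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        except ValueError:
            raise BadRequest("bad chunk-size %r" % size_line)
        if size == 0:
            if not data.startswith(b"\r\n"):
                raise BadRequest("missing CRLF after last-chunk")
            return body, data[2:]
        if data[size:size + 2] != b"\r\n":
            raise BadRequest("truncated or unterminated chunk")
        body, data = body + data[:size], data[size + 2:]

def body_framing(headers, lenient=False):
    """RFC 7230 3.3.3 framing decision: None means chunked, otherwise a byte count."""
    te = [v for n, v in headers if n == b"transfer-encoding"]
    cl = [v for n, v in headers if n == b"content-length"]
    if lenient:
        # Models the pre-20.3.0 behaviour quoted in the advisory: the last
        # Content-Length wins, and Content-Length takes precedence over chunked.
        return int(cl[-1]) if cl else (None if te else 0)
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(b",")]
        if any(c not in (b"identity", b"chunked") for c in codings):
            raise BadRequest("unsupported Transfer-Encoding %r" % te)
        if codings[-1] == b"chunked":
            # 3.3.3#3: chunked overrides Content-Length; the RFC says the pair
            # "ought to be handled as an error", so reject it outright.
            if cl:
                raise BadRequest("Content-Length alongside chunked")
            return None
        # only 'identity' listed: no coding applied, fall through to Content-Length
    values = {v.strip() for v in cl}
    if len(values) > 1:  # 3.3.3#4: differing Content-Length values are fatal
        raise BadRequest("conflicting Content-Length values %r" % cl)
    value = values.pop() if values else b"0"
    if not value.isdigit():
        raise BadRequest("invalid Content-Length %r" % value)
    return int(value)

def parse_stream(raw, lenient=False):
    """Split a byte stream into [(request_line, body), ...], one per request."""
    messages = []
    while raw:
        request_line, headers, rest = split_head(raw)
        framing = body_framing(headers, lenient)
        if framing is None:
            body, raw = read_chunked(rest)
        else:
            if len(rest) < framing:
                raise BadRequest("truncated body")
            body, raw = rest[:framing], rest[framing:]
        messages.append((request_line, body))
    return messages

def strict_rejects(raw):
    """True if the RFC-conformant framer would answer this stream with a 400."""
    try:
        parse_stream(raw)
        return False
    except BadRequest:
        return True

# Constructed samples, not taken from the advisory. SMUGGLED is exactly 38 bytes.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example\r\n\r\n"
DUAL_CL = (b"POST / HTTP/1.1\r\nHost: example\r\n"
           b"Content-Length: 38\r\nContent-Length: 0\r\n\r\n" + SMUGGLED)
CL_TE = (b"POST / HTTP/1.1\r\nHost: example\r\n"
         b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n" + SMUGGLED)
BWS_NAME = b"GET / HTTP/1.1\r\nHost : example\r\n\r\n"
CHUNKED_OK = b"POST / HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n"
```

`parse_stream(DUAL_CL, lenient=True)` and `parse_stream(CL_TE, lenient=True)` each return two messages, the second being the smuggled `GET /admin`, while `strict_rejects` is true for both and for `BWS_NAME`; `CHUNKED_OK` and two identical Content-Length headers are accepted by the strict framer. The lenient path is a model of the behaviour quoted in the advisory, not Twisted's actual code path. A real server that answers 400 under 3.3.3#4 must also close the connection afterwards, because the byte stream is no longer synchronised.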
Patches
https://github.com/twisted/twisted/commit/20c787a14a09e7cbd5dfd8df08ceff00d1fcc081
https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
Workarounds
N/A
References
https://portswigger.net/web-security/request-smuggling
Permalink: https://github.com/advisories/GHSA-8r99-h8j2-rw64
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04cjk5LWg4ajItcnc2NM4AAvMG
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 12 months ago
Updated: 9 months ago
Identifiers: GHSA-8r99-h8j2-rw64
References:
- https://github.com/twisted/twisted/security/advisories/GHSA-8r99-h8j2-rw64
- https://github.com/twisted/twisted/commit/20c787a14a09e7cbd5dfd8df08ceff00d1fcc081
- https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
- https://github.com/advisories/GHSA-8r99-h8j2-rw64
Affected Packages
pypi:twisted
Versions: < 20.3.0
Fixed in: 20.3.0