Cookie and Authorization headers are sent when following a cross-origin redirect with twisted.web.client

Moderate
adiroiban published GHSA-92x2-jw7w-xvvx Feb 7, 2022

Package

twisted (pip)

Affected versions

>= 11.1

Patched versions

>= 22.1

Description

Impact

Cookie and Authorization headers are leaked when following cross-origin redirects in twisted.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent.

Severity

Moderate

CVE ID

CVE-2022-21712

Weaknesses

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Credits