diff options
| author | Sascha Biberhofer <ports@skyforge.at> | 2022-02-13 09:05:02 +0000 |
|---|---|---|
| committer | Kai Knoblich <kai@FreeBSD.org> | 2022-02-13 09:14:32 +0000 |
| commit | 78783e7e45213fa7bb27f58e35858e13c780aeba (patch) | |
| tree | 5ffd93355784041a5499910580e03b88618fac3e | |
| parent | 34efa0eb85c6d17f3e86e0e3b62e91f63e263cd2 (diff) | |
| download | ports-78783e7e45213fa7bb27f58e35858e13c780aeba.tar.gz ports-78783e7e45213fa7bb27f58e35858e13c780aeba.zip | |
security/vuxml: Document devel/py-twisted vulnerabilities
PR: 261791
| -rw-r--r-- | security/vuxml/vuln-2022.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 5e3a5b38499a..c66aca81ecf8 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,31 @@ + <vuln vid="24049967-88ec-11ec-88f5-901b0e934d69"> + <topic>py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects</topic> + <affects> + <package> + <name>py37-twisted</name> + <name>py38-twisted</name> + <name>py39-twisted</name> + <name>py310-twisted</name> + <range><lt>22.1.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Twisted developers report:</p> + <blockquote cite="https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx"> + <p> Cookie and Authorization headers are leaked when following cross-origin redirects in <code>twited.web.client.RedirectAgent</code> and <code>twisted.web.client.BrowserLikeRedirectAgent</code>.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx</url> + </references> + <dates> + <discovery>2022-02-07</discovery> + <entry>2022-02-13</entry> + </dates> + </vuln> + <vuln vid="d923fb0c-8c2f-11ec-aa85-0800270512f4"> <topic>zsh -- Arbitrary command execution vulnerability</topic> <affects> |