FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects

Affected packages
py310-twisted < 22.1.0
py37-twisted < 22.1.0
py38-twisted < 22.1.0
py39-twisted < 22.1.0

Details

VuXML ID 24049967-88ec-11ec-88f5-901b0e934d69
Discovery 2022-02-07
Entry 2022-02-13

Twisted developers report:

Cookie and Authorization headers are leaked when following cross-origin redirects in twisted.web.client.RedirectAgent and twisted.web.client.BrowserLikeRedirectAgent.
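The check a redirect-following client needs in order to avoid this leak, shown as an added example that is not part of the advisory and is not Twisted's own patch: resolve the `Location` value, compare origins (scheme, host, port), and drop the two headers named above when the origin changes. The function names, the `.example` hosts and the sample headers are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# The two headers named in the advisory; header names are case-insensitive.
SENSITIVE_HEADERS = frozenset({"cookie", "authorization"})
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample request headers (not real credentials).
SAMPLE_HEADERS = {
    "Accept": "text/html",
    "Cookie": "session=constructed-value",
    "AUTHORIZATION": "Bearer constructed-token",
}


def origin(url):
    """Return the (scheme, host, port) triple that defines a URL's origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # An absent port means the scheme default, so :443 on https is same-origin.
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def headers_for_redirect(request_url, location, headers):
    """Return (target_url, headers) to use for the follow-up request.

    `location` may be relative or protocol-relative, so it is resolved
    against the request URL before the origins are compared.
    """
    target = urljoin(request_url, location)
    if origin(target) == origin(request_url):
        return target, dict(headers)
    # Cross-origin: keep everything except the credential-bearing headers.
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}
    return target, kept
```

A scheme change (https to http) or a port change on the same host counts as cross-origin here, so credentials are dropped in those cases too.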

References

URL https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx