Viktor Chuchurski

2 exploits Active since Jul 2024
CVE-2024-41671 WRITEUP HIGH WRITEUP
Twisted < 24.7.0rc1 - HTTP Request Smuggling via Pipelined Request Mismanagement
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.
CVSS 8.3
CVE-2024-41810 WRITEUP MEDIUM WRITEUP
twisted < 24.7.0rc1 - Reflected Cross-Site Scripting via redirectTo Function
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.
CVSS 6.1