twisted@26.4.0

An asynchronous networking framework written in Python

  • latest version

    26.4.0

  • first published

    20 years ago

  • latest version published

    13 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the twisted package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Arbitrary Command Injection

    Twisted is an event-based network programming and multi-protocol integration framework.

    Affected versions of this package are vulnerable to Arbitrary Command Injection via improper input sanitization in the file upload process. An attacker can execute arbitrary commands on the target system by sending a specially crafted HTTP PUT request to upload a malicious file and subsequently triggering its execution. This can result in remote code execution and potential privilege escalation depending on the web server's permissions.

    How to fix Arbitrary Command Injection?

    There is no fixed version for Twisted.

    Vulnerable Version: [0,)