Source: twisted Version: 24.3.0-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for twisted. CVE-2024-41810[0]: | Twisted is an event-based framework for internet applications, | supporting Python 3.6+. The `twisted.web.util.redirectTo` function | contains an HTML injection vulnerability. If application code allows | an attacker to control the redirect URL this vulnerability may | result in Reflected Cross-Site Scripting (XSS) in the redirect | response HTML body. This vulnerability is fixed in 24.7.0rc1. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-41810 https://www.cve.org/CVERecord?id=CVE-2024-41810 [1] https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
