CVE-2023-46137
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-46137 affects Twisted, an event-driven networking engine for Python. Before version 23.10.0rc1, this software failed to guarantee response order when processing multiple HTTP requests sent in a single TCP packet. Attackers could manipulate the response of the second request by deliberately delaying the response of the first request from a controlled endpoint, potentially leading to unintended consequences for internet applications using Twisted's HTTP pipeline functionality. The vulnerability is resolved in version 23.10.0rc1 with the implementation of a patch.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Twistedmatrix Twisted
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions