In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Twisted(PyPI) | 0 | 20.3.0 | N/A |
CVSS Metrics
