In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Twisted(PyPI) | 0 | 20.3.0 | N/A |
CVSS Metrics
