twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Twisted(PyPI) | 11.1.0 | 22.1.0 | N/A |
CVSS Metrics
