Opened 7 months ago

#33836 new defect

Require Twisted 20.3.0 in gettor's requirements.txt

Reported by: teor Owned by:
Priority: Medium Milestone:
Component: Applications/GetTor Version:
Severity: Normal Keywords:
Cc: cohosh, traumschule, hiro, gaba, phw Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Twisted has a HTTP request splitting vulnerability, GetTor is probably affected.

Please update your requirements.txt to depend on Twisted 20.3.0 or later.
(And any downstream packages.)

The GitHub alert is:

The relevant CVEs are:

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.