Description
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
Remediation
References
Related Vulnerabilities
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.38)
Oracle Database Server CVE-2023-21949 Vulnerability (CVE-2023-21949)
Envoy Proxy Use After Free Vulnerability (CVE-2022-29227)
MediaWiki Insertion of Sensitive Information into Log File Vulnerability (CVE-2018-0504)