You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to dependency file: clusterfuzz/resources/platform/linux/peach/peach_mutator/peach_mutator/requirements.txt
Path to vulnerable library: clusterfuzz/resources/platform/linux/peach/peach_mutator/peach_mutator/requirements.txt,clusterfuzz/src/local/butler/scripts,clusterfuzz/src/python/bot/untrusted_runner/build,clusterfuzz/resources/platform/linux/peach/peach_mutator/peach_mutator/third_party/peach/requirements.txt,clusterfuzz/src/appengine/handlers/cron/project,clusterfuzz/src/python/bot/tasks
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
CVE-2016-1000111 - Medium Severity Vulnerability
Vulnerable Library - Twisted-14.0.0.tar.bz2
An asynchronous networking framework written in Python
Library home page: https://files.pythonhosted.org/packages/76/38/cf8f81c1d7d84fec922d67f0d92bfa9fee59145d875d7263ceefa2bbbaf4/Twisted-14.0.0.tar.bz2
Path to dependency file: clusterfuzz/resources/platform/linux/peach/peach_mutator/peach_mutator/requirements.txt
Path to vulnerable library: clusterfuzz/resources/platform/linux/peach/peach_mutator/peach_mutator/requirements.txt,clusterfuzz/src/local/butler/scripts,clusterfuzz/src/python/bot/untrusted_runner/build,clusterfuzz/resources/platform/linux/peach/peach_mutator/peach_mutator/third_party/peach/requirements.txt,clusterfuzz/src/appengine/handlers/cron/project,clusterfuzz/src/python/bot/tasks
Dependency Hierarchy:
Found in HEAD commit: aefe4b0859891117218fba5984e5c3e753ea9597
Vulnerability Details
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
Publish Date: 2020-03-11
URL: CVE-2016-1000111
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000111
Release Date: 2016-06-20
Fix Resolution: 16.3.1
The text was updated successfully, but these errors were encountered: