ELA-566-1 twisted security update
Package: twisted
Version: 14.0.2-3+deb8u3
Related CVEs: CVE-2022-21712
It was discovered that Twisted, a Python event-based framework for internet applications, exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twisted.web.RedirectAgent and twisted.web.BrowserLikeRedirectAgent functions.
For Debian 8 jessie, this problem has been fixed in version 14.0.2-3+deb8u3.
We recommend that you upgrade your twisted packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
A twisted security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where Twisted exposes cookies and authorization headers when following cross-origin redirects.