What is CVE-2024-41671?

CVE-2024-41671 is a high-severity vulnerability in Twisted, classified under Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling). CVSS score: 8.3/10. Published 2024-07-29.

How severe is CVE-2024-41671?

High severity. CVSS v3 base score is 8.3 out of 10.

Is CVE-2024-41671 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Twisted

CVE-2024-41671

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. Th…

Vulnerability class: HTTP Request Smuggling

EPSS: 0.001 (28.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L.

Affected products

Twisted — versions <= 24.3.0

Weakness classification (CWE)

CWE-444 — Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling)

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7 (x_refsource_CONFIRM)
https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 (x_refsource_MISC)
https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-41671?: CVE-2024-41671 is a high-severity vulnerability in Twisted, classified under Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling). CVSS score: 8.3/10. Published 2024-07-29.
How severe is CVE-2024-41671?: High severity. CVSS v3 base score is 8.3 out of 10.
Is CVE-2024-41671 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.