{"id":"CVE-2020-10108","details":"In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.","aliases":["GHSA-h96w-mmrf-2h6v","PYSEC-2020-259"],"modified":"2026-05-15T12:04:02.652039216Z","published":"2020-03-12T13:15:12.293Z","related":["SUSE-SU-2022:2811-1","SUSE-SU-2022:4074-1","openSUSE-SU-2024:11041-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"14.04"},{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"19.10"}],"source":"CPE_FIELD","vendor_product":"canonical:ubuntu_linux"},{"cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD","vendor_product":"debian:debian_linux"},{"cpes":["cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"31"},{"last_affected":"32"}],"source":"CPE_FIELD","vendor_product":"fedoraproject:fedora"},{"cpes":["cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*","cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"10"},{"last_affected":"11"}],"source":"CPE_FIELD","vendor_product":"oracle:solaris"},{"cpes":["cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"8.8"}],"source":"CPE_FIELD","vendor_product":"oracle:zfs_storage_appliance_kit"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ISMZFZBWW4EV6ETJGXAYIXN3AT7GBPL/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3NIL7VXSGJND2Q4BSXM3CFTAFU6T7D/"},{"type":"ADVISORY","url":"https://know.bishopfox.com/advisories/twisted-version-19.10.0"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-24"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4308-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4308-2/"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"EVIDENCE","url":"https://know.bishopfox.com/advisories"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}