{"id":"CVE-2024-41671","summary":"twisted.web has disordered HTTP pipeline response","details":"Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.","aliases":["GHSA-c8m8-j448-xjx7"],"modified":"2026-04-09T10:19:13.985804Z","published":"2024-07-29T14:37:08.484Z","related":["MGASA-2025-0054","SUSE-SU-2024:2732-1","SUSE-SU-2024:2757-1","SUSE-SU-2024:2860-1","SUSE-SU-2024:2880-1","openSUSE-SU-2024:14228-1","openSUSE-SU-2024:14236-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41671.json","cwe_ids":["CWE-444"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html"},{"type":"WEB","url":"https://www.vicarius.io/vsociety/posts/disordered-http-pipeline-in-twistedweb-cve-2024-4167"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41671.json"},{"type":"ADVISORY","url":"https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41671"},{"type":"FIX","url":"https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33"},{"type":"FIX","url":"https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/twisted/twisted","events":[{"introduced":"0"},{"fixed":"046a164f89a0f08d3239ecebd750360f8914df33"}]},{"type":"GIT","repo":"https://github.com/twisted/twisted","events":[{"introduced":"0"},{"fixed":"4a930de12fb67e88fefcb8822104152f42b27abc"}]},{"type":"GIT","repo":"https://github.com/twisted/twisted","events":[{"introduced":"0"},{"fixed":"046a164f89a0f08d3239ecebd750360f8914df33"}]},{"type":"GIT","repo":"https://github.com/twisted/twisted","events":[{"introduced":"0"},{"fixed":"4a930de12fb67e88fefcb8822104152f42b27abc"}]}],"versions":["before-black"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41671.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}]}