{"id":"GHSA-65rm-h285-5cc5","summary":"Improper Certificate Validation in Twisted","details":"In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.","aliases":["CVE-2019-12855","PYSEC-2019-129"],"modified":"2024-12-06T05:32:16.112704Z","published":"2019-08-16T14:02:35Z","database_specific":{"nvd_published_at":"2019-06-16T12:29:00Z","severity":"CRITICAL","github_reviewed":true,"cwe_ids":["CWE-295"],"github_reviewed_at":"2019-08-12T15:06:23Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12855"},{"type":"WEB","url":"https://github.com/twisted/twisted/pull/1147"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2019-129.yaml"},{"type":"PACKAGE","url":"https://github.com/twisted/twisted"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLTZDMFBNFSJMBXYJNGJHENJA4H2TSMZ"},{"type":"WEB","url":"https://twistedmatrix.com/trac/ticket/9561"},{"type":"WEB","url":"https://usn.ubuntu.com/4308-1"},{"type":"WEB","url":"https://usn.ubuntu.com/4308-2"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00013.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00028.html"}],"affected":[{"package":{"name":"twisted","ecosystem":"PyPI","purl":"pkg:pypi/twisted"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"19.7.0rc1"}]}],"versions":["1.0.1","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.1.0","1.1.1","1.2.0","10.0.0","10.1.0","10.2.0","11.0.0","11.1.0","12.0.0","12.1.0","12.2.0","12.3.0","13.0.0","13.1.0","13.2.0","14.0.0","14.0.1","14.0.2","15.0.0","15.1.0","15.2.0","15.2.1","15.3.0","15.4.0","15.5.0","16.0.0","16.1.0","16.1.1","16.2.0","16.3.0","16.3.1","16.3.2","16.4.0","16.4.1","16.5.0","16.5.0rc1","16.5.0rc2","16.6.0","16.6.0rc1","16.7.0rc1","16.7.0rc2","17.1.0","17.1.0rc1","17.5.0","17.9.0","17.9.0rc1","18.4.0","18.4.0rc1","18.7.0","18.7.0rc1","18.7.0rc2","18.9.0","18.9.0rc1","19.2.0","19.2.0rc1","19.2.0rc2","19.2.1","2.1.0","2.4.0","2.5.0","8.0.0","8.0.1","8.1.0","8.2.0","9.0.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-65rm-h285-5cc5/GHSA-65rm-h285-5cc5.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}]}