
Commit

Latest data: Thu Sep 12 08:05:12 UTC 2024
github.actions committed Sep 12, 2024
1 parent 924af13 commit 017e6b3
Showing 9 changed files with 248 additions and 74 deletions.
180 changes: 176 additions & 4 deletions audits/alot-requirements.audit.json
Expand Up @@ -1238,12 +1238,13 @@
}
},
{
"modified": "2024-07-29T20:01:48Z",
"modified": "2024-09-11T21:45:48Z",
"published": "2024-07-29T17:29:36Z",
"schema_version": "1.6.0",
"id": "GHSA-cf56-g6w6-pqq2",
"aliases": [
"CVE-2024-41810"
"CVE-2024-41810",
"PYSEC-2024-75"
],
"summary": "Twisted vulnerable to HTML injection in HTTP redirect body",
"details": "### Summary\n\nThe `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body.\n\n### Details\nTwisted\u2019s `redirectTo` function generates an `HTTP 302 Redirect` response. The response contains an HTML body, built for exceptional cases where the browser doesn\u2019t properly handle the redirect, allowing the user to click a link, navigating them to the specified destination.\n\nThe function reflects the destination URL in the HTML body without any output encoding. \n```python\n# https://github.com/twisted/twisted/blob/trunk/src/twisted/web/_template_util.py#L88\ndef redirectTo(URL: bytes, request: IRequest) -> bytes:\n # ---snip---\n content = b\"\"\"\n<html>\n <head>\n <meta http-equiv=\\\"refresh\\\" content=\\\"0;URL=%(url)s\\\">\n </head>\n <body bgcolor=\\\"#FFFFFF\\\" text=\\\"#000000\\\">\n <a href=\\\"%(url)s\\\">click here</a>\n </body>\n</html>\n\"\"\" % {\n b\"url\": URL\n }\n return content\n```\n\nIf an attacker has full or partial control over redirect location due to an application bug, also known as an \u201cOpen Redirect\u201d, they may inject arbitrary HTML into the response\u2019s body, ultimately leading to an XSS attack.\n\nIt\u2019s worth noting that the issue is known to maintainers and tracked with GitHub [Issue#9839](https://github.com/twisted/twisted/issues/9839). 
The issue description, however, does not make any mention of exploitability and simply states: \u201c\u2026Browsers don't seem to actually render that page\u2026\u201d\n\n### PoC\nThe issue can be reproduced by running the following Twisted-based HTTP server locally:\n```python\nfrom twisted.web import server, resource\nfrom twisted.internet import reactor\nfrom twisted.web.util import redirectTo\n\nclass Simple(resource.Resource):\n isLeaf = True\n def render_GET(self, request):\n url = request.args[b'url'][0] # <-- open redirect\n return redirectTo(url, request)\n\nsite = server.Site(Simple())\nreactor.listenTCP(9009, site)\nreactor.run()\n```\nOnce running, navigate to the following URL: `http://127.0.0.1:9009?url=ws://example.com/\"><script>alert(document.location)</script>`, and verify that the \u201calert\u201d dialog was displayed.\n\n**Note**: Due to the different ways browsers validate the redirect Location header, this attack is possible only in **Firefox**. All other tested browsers will display an error message to the user and will not render the HTML body.\n\n### Impact\nIf successfully exploited, the issue will allow malicious JavaScript to run in the context of the victim's session. This will in turn lead to unauthorized access/modification to victim's account and information associated with it, or allow for unauthorized operations to be performed within the context of the victim's session.",
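Review bot: the alias addition is consistent with the timestamp bump: `modified` moves from 2024-07-29T20:01:48Z to 2024-09-11T21:45:48Z while `published` is untouched, so consumers that sync incrementally on `modified` will pick up the new `PYSEC-2024-75` alias. One caveat on the unchanged `details` context line: it embeds the advisory's proof of concept, including a literal `<script>` tag, as a single escaped string, so any tooling that renders `details` as HTML must escape it rather than trust it.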
Expand Down Expand Up @@ -1397,6 +1398,10 @@
"type": "WEB",
"url": "https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2024-75.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/twisted/twisted"
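Review bot: the new reference uses `tree/main/vulns/twisted/PYSEC-2024-75.yaml` for a path that is a file, while the PYSEC record added later in this file names the same document via `blob/main/...` in `database_specific.source`; GitHub redirects `tree` to `blob` for files, so both resolve, but one canonical form avoids two URLs for one document. The entry is also typed `WEB` although it is the source advisory itself; the OSV `ADVISORY` reference type, which the PYSEC record uses for its GHSA link, describes it more precisely.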
Expand Down Expand Up @@ -1724,6 +1729,171 @@
"url": "https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm"
}
]
},
{
"modified": "2024-09-11T19:42:11Z",
"published": "2024-07-29T16:15:00Z",
"schema_version": "1.6.0",
"id": "PYSEC-2024-75",
"aliases": [
"CVE-2024-41810",
"GHSA-cf56-g6w6-pqq2"
],
"details": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.",
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "twisted",
"purl": "pkg:pypi/twisted"
},
"ranges": [
{
"type": "GIT",
"events": [
{
"introduced": "0"
},
{
"fixed": "046a164f89a0f08d3239ecebd750360f8914df33"
}
],
"repo": "https://github.com/twisted/twisted"
},
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "24.7.0rc1"
}
]
}
],
"versions": [
"1.0.1",
"1.0.3",
"1.0.4",
"1.0.5",
"1.0.6",
"1.0.7",
"1.1.0",
"1.1.1",
"1.2.0",
"10.0.0",
"10.1.0",
"10.2.0",
"11.0.0",
"11.1.0",
"12.0.0",
"12.1.0",
"12.2.0",
"12.3.0",
"13.0.0",
"13.1.0",
"13.2.0",
"14.0.0",
"14.0.1",
"14.0.2",
"15.0.0",
"15.1.0",
"15.2.0",
"15.2.1",
"15.3.0",
"15.4.0",
"15.5.0",
"16.0.0",
"16.1.0",
"16.1.1",
"16.2.0",
"16.3.0",
"16.3.1",
"16.3.2",
"16.4.0",
"16.4.1",
"16.5.0",
"16.5.0rc1",
"16.5.0rc2",
"16.6.0",
"16.6.0rc1",
"16.7.0rc1",
"16.7.0rc2",
"17.1.0",
"17.1.0rc1",
"17.5.0",
"17.9.0",
"17.9.0rc1",
"18.4.0",
"18.4.0rc1",
"18.7.0",
"18.7.0rc1",
"18.7.0rc2",
"18.9.0",
"18.9.0rc1",
"19.10.0",
"19.10.0rc1",
"19.2.0",
"19.2.0rc1",
"19.2.0rc2",
"19.2.1",
"19.7.0",
"19.7.0rc1",
"2.1.0",
"2.4.0",
"2.5.0",
"20.3.0",
"20.3.0rc1",
"21.2.0",
"21.2.0rc1",
"21.7.0",
"21.7.0rc1",
"21.7.0rc2",
"21.7.0rc3",
"22.1.0",
"22.1.0rc1",
"22.10.0",
"22.10.0rc1",
"22.2.0",
"22.2.0rc1",
"22.4.0",
"22.4.0rc1",
"22.8.0",
"22.8.0rc1",
"23.10.0",
"23.10.0rc1",
"23.8.0",
"23.8.0rc1",
"24.2.0rc1",
"24.3.0",
"8.0.0",
"8.0.1",
"8.1.0",
"8.2.0",
"9.0.0"
],
"database_specific": {
"source": "https://github.com/pypa/advisory-database/blob/main/vulns/twisted/PYSEC-2024-75.yaml"
}
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/twisted/twisted/security/advisories/GHSA-cf56-g6w6-pqq2"
},
{
"type": "FIX",
"url": "https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33"
}
]
}
],
"groups": [
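Review bot: the `versions` array in the new `PYSEC-2024-75` record is sorted as strings, not as versions (`"1.2.0"` is followed by `"10.0.0"`, and `"8.0.0"` through `"9.0.0"` come after `"24.3.0"`), so nothing should read its first or last element as the affected bounds; the `ranges` entries (`introduced: "0"` with `fixed: "24.7.0rc1"`, plus the GIT range fixed at commit `046a164f89a0f08d3239ecebd750360f8914df33`) are the authoritative statement and agree with the `details` text. On `severity`, OSV stores the CVSS 3.1 vector string in `score`, so any numeric value has to be derived from it; the `6.1` carried as `max_severity` in the groups block is the correct score for `AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`, so the two are consistent.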
Expand All @@ -1739,11 +1909,13 @@
},
{
"ids": [
"GHSA-cf56-g6w6-pqq2"
"GHSA-cf56-g6w6-pqq2",
"PYSEC-2024-75"
],
"aliases": [
"CVE-2024-41810",
"GHSA-cf56-g6w6-pqq2"
"GHSA-cf56-g6w6-pqq2",
"PYSEC-2024-75"
],
"max_severity": "6.1"
},
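Review bot: `PYSEC-2024-75` is added to both `ids` and `aliases` of the group, mirroring how `GHSA-cf56-g6w6-pqq2` already sat in both, so the file's convention that `aliases` is the union of every identifier, including the group's own `ids`, is preserved. `max_severity` stays at `6.1`, which is right, since the new PYSEC record carries a CVSS vector that scores exactly that.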
2 changes: 1 addition & 1 deletion requirements/ansible-lint-requirements.txt
Expand Up @@ -5,7 +5,7 @@ black==24.8.0
bracex==2.5
click==8.1.7
filelock==3.16.0
importlib-metadata==8.4.0
importlib-metadata==8.5.0
jinja2==3.1.4
jsonschema==4.23.0
jsonschema-specifications==2023.12.1
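Review bot: the bump to `importlib-metadata==8.5.0` keeps the exact `==` pin, but none of the lines shown carry a `--hash=sha256:` entry, so pip resolves name and version without verifying the downloaded artifact. Since these files are regenerated automatically (the commit is authored by github.actions), generating them with hashes (`pip-compile --generate-hashes`) would turn each pin into an integrity check; that is the one supply-chain improvement this hunk invites.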
62 changes: 31 additions & 31 deletions requirements/aws-sam-cli-requirements.txt
Expand Up @@ -5,11 +5,11 @@ aws-lambda-builders==1.50.0
aws-sam-translator==1.91.0
binaryornot==0.4.4
blinker==1.8.2
boto3==1.35.1
boto3-stubs==1.34.159
botocore==1.35.1
botocore-stubs==1.35.1
cfn-lint==1.10.3
boto3==1.35.17
boto3-stubs==1.35.14
botocore==1.35.17
botocore-stubs==1.35.17
cfn-lint==1.12.4
chardet==5.2.0
charset-normalizer==3.3.2
chevron==0.14.0
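Review bot: `boto3`, `botocore` and `botocore-stubs` move to 1.35.17 together, which is required because each boto3 release pins a matching botocore range, but `boto3-stubs` lands at 1.35.14, three patch versions behind; that is harmless at runtime (the stubs are type-checking only) and only worth aligning if mypy starts flagging APIs the newer boto3 exposes. `cfn-lint` jumps two minor versions (1.10.3 to 1.12.4), so check its changelog for new rules that may start failing existing templates.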
Expand All @@ -18,7 +18,7 @@ cookiecutter==2.6.0
dateparser==1.2.0
docker==7.1.0
flask==3.0.3
idna==3.7
idna==3.8
itsdangerous==2.2.0
jinja2==3.1.4
jmespath==1.0.1
Expand All @@ -30,48 +30,48 @@ markdown-it-py==3.0.0
markupsafe==2.1.5
mdurl==0.1.2
mpmath==1.3.0
mypy-boto3-apigateway==1.34.137
mypy-boto3-cloudformation==1.34.111
mypy-boto3-ecr==1.34.154
mypy-boto3-iam==1.34.162
mypy-boto3-kinesis==1.34.153
mypy-boto3-lambda==1.34.77
mypy-boto3-s3==1.34.162
mypy-boto3-schemas==1.34.0
mypy-boto3-secretsmanager==1.34.145
mypy-boto3-signer==1.34.95
mypy-boto3-sqs==1.34.121
mypy-boto3-stepfunctions==1.34.149
mypy-boto3-sts==1.34.0
mypy-boto3-xray==1.34.0
mypy-boto3-apigateway==1.35.0
mypy-boto3-cloudformation==1.35.0
mypy-boto3-ecr==1.35.17
mypy-boto3-iam==1.35.0
mypy-boto3-kinesis==1.35.0
mypy-boto3-lambda==1.35.3
mypy-boto3-s3==1.35.16
mypy-boto3-schemas==1.35.0
mypy-boto3-secretsmanager==1.35.0
mypy-boto3-signer==1.35.0
mypy-boto3-sqs==1.35.0
mypy-boto3-stepfunctions==1.35.9
mypy-boto3-sts==1.35.0
mypy-boto3-xray==1.35.0
networkx==3.3
pydantic==2.8.2
pydantic-core==2.20.1
pydantic==2.9.1
pydantic-core==2.23.3
pygments==2.18.0
pyopenssl==24.2.1
python-dateutil==2.9.0.post0
python-slugify==8.0.4
pytz==2024.1
pytz==2024.2
pyyaml==6.0.2
referencing==0.35.1
regex==2024.7.24
regex==2024.9.11
requests==2.32.3
rich==13.7.1
rich==13.8.1
rpds-py==0.20.0
ruamel-yaml==0.18.6
ruamel-yaml-clib==0.2.8
s3transfer==0.10.2
setuptools==73.0.0
setuptools==74.1.2
six==1.16.0
sympy==1.13.2
text-unidecode==1.3
tomlkit==0.13.0
types-awscrt==0.21.2
types-python-dateutil==2.9.0.20240316
types-s3transfer==0.10.1
tomlkit==0.13.2
types-awscrt==0.21.5
types-python-dateutil==2.9.0.20240906
types-s3transfer==0.10.2
typing-extensions==4.12.2
tzlocal==5.2
urllib3==2.2.2
watchdog==4.0.2
werkzeug==3.0.3
werkzeug==3.0.4
wheel==0.44.0
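Review bot: `pydantic` and `pydantic-core` are bumped in lockstep (2.9.1 with 2.23.3), which is necessary because pydantic pins an exact pydantic-core, and all fourteen `mypy-boto3-*` stubs move to the 1.35 series, matching the boto3 1.35.17 pinned earlier in this file; `setuptools` (73.0.0 to 74.1.2) and `werkzeug` (3.0.3 to 3.0.4) are routine bumps. One line to keep in view: `urllib3==2.2.2` is unchanged here while `conan-requirements.txt` in the same commit stays on the 1.26 line, so the two requirement sets are on different urllib3 major versions and cannot share a resolved wheel.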
2 changes: 1 addition & 1 deletion requirements/conan-requirements.txt
Expand Up @@ -10,4 +10,4 @@ python-dateutil==2.9.0.post0
pyyaml==6.0.2
requests==2.32.3
six==1.16.0
urllib3==1.26.19
urllib3==1.26.20
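Review bot: this file stays on the urllib3 1.26 maintenance line (1.26.19 to 1.26.20) while `aws-sam-cli-requirements.txt` in the same commit pins 2.2.2; if the 1.x pin is forced by a `<2` constraint upstream, a comment at the top of the file would stop the next reader from trying to align the two, and if it is not, the 2.x line is the actively developed one and the better target.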