Intel/AIKIDO-2024-10198
twisted
AIKIDO-2024-10198
twisted is vulnerable to HTTP Request/Response Smuggling
HTTP Request/Response SmugglingCVE-2024-41671 Published Jul 29, 2024
83
High Risk
This Affects:
twisted10.0.0 - 24.3.0
Fixed in 24.7.0rc1Are you affected? Scan for Free
TL;DR
Affected versions of the package are vulnerable to HTTP request/response smuggling. The HTTP 1.0 and 1.1 server provided by twisted.web processes pipelined HTTP requests out of order, potentially leading to information disclosure.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
twisted is vulnerable to HTTP Request/Response Smuggling in versions 10.0.0 - 24.3.0.
How to fix this
Upgrade the twisted library to the patch version.
Links
GitHub Release
Fix Commits
github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33
github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abchttps://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
Resources
Industries
Use Cases
Compare
© 2026 Aikido Security BV | BE0792914919
Keizer Karelstraat 15, 9000, Ghent, Belgium
95 Third St, 2nd Fl, San Francisco, CA 94103, US
Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK
Ghent, Belgium | San Francisco, US
SOC 2Compliant
ISO 27001Compliant