Arch Linux: Access restriction bypass (CVE-2022-24801)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Apr 4, 2022 | Jul 11, 2025 | Jan 5, 2026 |
Description
The Twisted Web HTTP 1.1 server prior to 22.4.0rc1, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230, leading to inconsistent interpretation of HTTP requests ('HTTP Request Smuggling') in twisted.web.
Solution
arch-linux-upgrade-latest
References
- CVE-2022-24801
- https://attackerkb.com/topics/CVE-2022-24801
- https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac
- https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
- https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
- https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
- https://www.oracle.com/security-alerts/cpujul2022.html
- CWE-444