mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 17:59:59 +00:00
Code Issues Projects Releases Wiki Activity

python3-twisted: Fix CVE-2024-41810

Browse Source 
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability.
If application code allows an attacker to control the redirect URL this vulnerability
may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body.
This vulnerability is fixed in 24.7.0rc1.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41810

Upstream patch:
https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Soumya Sambu
2025-09-16 18:26:00 +05:30
committed by Gyorgy Sarvari
parent 5c13812501
commit 7ca4d7761b
2 changed files with 111 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-python/recipes-devtools/python/python3-twisted_22.2.0.bb
+2 -1
View File
@@ -12,7 +12,8 @@ SRC_URI[sha256sum] = "57f32b1f6838facb8c004c89467840367ad38e9e535f8252091345dba5
PYPI_PACKAGE = "Twisted"
SRC_URI += "file://CVE-2024-41671-0001.patch \
file://CVE-2024-41671-0002.patch"
file://CVE-2024-41671-0002.patch \
file://CVE-2024-41810.patch"
inherit pypi python_setuptools_build_meta