python3-twisted: Fix CVE-2024-41810 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2025-09-16 18:26:00 +0530
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-18 09:53:18 +0200
commit	7ca4d7761b546524fc7777eac79a8e058701ebda (patch)
tree	e54d619e44827684e5a0b8ef6cf1d261f7900beb /meta-python/recipes-devtools/python/python-flask-xstatic/remove-pip-requires.patch
parent	5c138125018fef4b240e62b664a809d19f4b26a5 (diff)
download	meta-openembedded-7ca4d7761b546524fc7777eac79a8e058701ebda.tar.gz

python3-twisted: Fix CVE-2024-41810

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-41810 Upstream patch: https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33 Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-flask-xstatic/remove-pip-requires.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: