| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.37.1 | <0.38.1 | Wheel 0.38.1 includes a fix for CVE-2022-40898: an issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to the wheel CLI. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
| twisted | 22.8.0 | <24.7.0rc1 | Affected versions of Twisted are vulnerable to HTTP Request Smuggling. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out of order, possibly resulting in information disclosure. |
| twisted | 22.8.0 | >=0.9.4,<22.10.0rc1 | Twisted 22.10.0rc1 includes a fix for CVE-2022-39348: NameVirtualHost Host header injection. https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647 |
| twisted | 22.8.0 | <=25.5.0 | Affected versions of the Twisted package are vulnerable to Denial of Service due to unbounded resource consumption when decoding DNS names with chained compression pointers. The Name.decode method in src/twisted/names/dns.py enforces no per-message limit on pointer dereferences and resets its visited set for each Question record, while DNSServerFactory processes every record in QDCOUNT without validating it, so a Message containing thousands of questions that all reference a long shared chain of compression pointers forces the parser into millions of redundant traversals. |
| twisted | 22.8.0 | >=16.3.0,<23.10.0rc1 | Twisted 23.10.0rc1 includes a fix for CVE-2023-46137: disordered HTTP pipeline response in twisted.web. #NOTE: The data we include in this advisory differs from the data publicly available on nist.nvd.gov. As indicated in the project's changelog, the vulnerability was introduced in Twisted 16.3.0. https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm |
| twisted | 22.8.0 | <24.7.0rc1 | Affected versions of Twisted are vulnerable to XSS. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL, this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. |
| SQLAlchemy | 1.3.24 | <2.0.0b1 | SQLAlchemy 2.0.0b1 avoids leaking cleartext passwords in careless uses of str(engine.URL()) in logs and prints. https://github.com/sqlalchemy/sqlalchemy/pull/8563 |