PublicDateAtUSN: 2020-03-12 13:15:00 UTC
Candidate: CVE-2020-10109
PublicDate: 2020-03-12 13:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10109
 https://ubuntu.com/security/notices/USN-4308-1
 https://ubuntu.com/security/notices/USN-4308-2
Description:
 In Twisted Web through 19.10.0, there was an HTTP request splitting
 vulnerability. When presented with a content-length and a chunked encoding
 header, the content-length took precedence and the remainder of the request
 body was interpreted as a pipelined request.
Ubuntu-Description: 
Notes: 
 mdeslaur> same commit as CVE-2020-10108
Mitigation: 
Bugs: 
Priority: medium
Discovered-by: Jake Miller
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_twisted:
 upstream: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
upstream_twisted: needs-triage
precise/esm_twisted: not-affected (code not present)
trusty_twisted: ignored (out of standard support)
trusty/esm_twisted: released (13.2.0-1ubuntu1.2+esm1)
xenial_twisted: released (16.0.0-1ubuntu0.4)
esm-infra/xenial_twisted: released (16.0.0-1ubuntu0.4)
bionic_twisted: released (17.9.0-2ubuntu0.1)
eoan_twisted: released (18.9.0-3ubuntu1.1)
devel_twisted: released (18.9.0-6ubuntu1)