Description
Twisted is an event-driven networking engine written in Python. In affected versions, Twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
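The check a redirect-following client needs in order to avoid this exposure, as an added example (not Twisted's code or its patch): credential headers are forwarded only when the redirect target has the same scheme, host and port as the original request. The function names, the header list and the `example.test` URLs are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: the headers treated as credentials in this illustration.
SENSITIVE_HEADERS = {"authorization", "cookie", "proxy-authorization"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def headers_for_redirect(request_url, location, headers):
    """Resolve a Location value and return (target_url, headers_to_send).

    Relative and scheme-relative Location values are resolved against the
    request URL first, so the comparison is made on the real target.
    """
    target = urljoin(request_url, location)
    if origin(target) == origin(request_url):
        # Same origin: the credentials were already meant for this server.
        return target, dict(headers)
    # Cross origin (different scheme, host or port): drop credential headers.
    kept = {name: value for name, value in headers.items()
            if name.lower() not in SENSITIVE_HEADERS}
    return target, kept


if __name__ == "__main__":
    # Constructed sample request headers.
    sent = {"Authorization": "Bearer constructed-token",
            "Cookie": "sid=constructed",
            "Accept": "*/*"}
    for loc in ("/next",
                "https://api.example.test:443/next",
                "//other.example.test/next",
                "http://api.example.test/next"):
        target, out = headers_for_redirect("https://api.example.test/start", loc, sent)
        print(target, sorted(out))
```

An HTTPS to HTTP redirect on the same host counts as cross-origin here, so credentials are not replayed over a plaintext connection.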