[tor-bugs] #30834 [Applications/GetTor]: GetTor depends on Twisted, which has a URL sanitisation vulnerability
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 11 00:22:16 UTC 2019
#30834: GetTor depends on Twisted, which has a URL sanitisation vulnerability
-------------------------------------+--------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/GetTor | Version:
Severity: Normal | Keywords: security-low
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+--------------------------
I'm not sure if GetTor is affected, because the vulnerability depends on
user input being put in URLs:
https://github.com/torproject/gettor/network/alert/requirements.txt/twisted/open
Here is a pull request created by GitHub's automated bot:
https://github.com/torproject/gettor/pull/1/files
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30834>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list