GHSA-8r99-h8j2-rw64
Python

The vulnerability (GHSA-8r99-h8j2-rw64) affects Twisted Web and makes it susceptible to HTTP request smuggling attacks. The issue was present in versions prior to 20.3.0 and was discovered by Jake Miller of Bishop Fox Security and ZeddYu Lu. It stems from improper handling of HTTP message-framing headers, specifically Content-Length and Transfer-Encoding (GitHub Advisory).

The vulnerability manifests in three ways (GitHub Advisory):

1) When a request carried two Content-Length headers, Twisted Web ignored the first; if the second was set to zero, it treated the request body as a pipelined request, violating RFC 7230 Section 3.3.3#4.
2) When a request carried both a Content-Length header and a chunked Transfer-Encoding header, Content-Length took precedence, so the remainder of the request body was interpreted as a pipelined request, violating RFC 7230 Section 3.3.3#3.
3) Twisted Web incorrectly accepted BWS (bad whitespace) between a header field-name and the colon, and it accepted Transfer-Encoding values other than the only two that should be permitted, identity and chunked.

The vulnerability enables HTTP request smuggling: because Twisted Web and an upstream proxy or client can disagree about where one request ends and the next begins, an attacker can influence how the server delimits and processes requests. This could lead to request queue manipulation, bypass of front-end security controls, unauthorized access, or execution of attacker-supplied requests (GitHub Advisory).

The vulnerability has been patched in Twisted version 20.3.0. The fix rejects requests carrying multiple Content-Length headers with a 400 response, handles requests carrying both Content-Length and Transfer-Encoding headers correctly, and restricts Transfer-Encoding values to 'chunked' and 'identity' (Twisted Commit).
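The framing checks the fix describes, applied to a few sample requests, as an added illustration that is not Twisted's code. The function names, the RequestRejected exception and the sample requests are all constructed here. The policy rejects multiple Content-Length headers, rejects Transfer-Encoding codings other than chunked and identity, refuses whitespace before the header colon, and, for a request carrying both Content-Length and a chunked Transfer-Encoding, takes the rejection option that RFC 7230 Section 3.3.3 permits rather than reproducing whatever choice Twisted made.

```python
import re
from typing import List, Tuple

# Constructed sample request heads (not from the advisory): a clean request,
# a chunked one, and one per failure mode the advisory describes.
SAMPLES = {
    "clean": b"POST /submit HTTP/1.1\r\nContent-Length: 5\r\n\r\nhello",
    "chunked_only": (b"POST /submit HTTP/1.1\r\nTransfer-Encoding: chunked\r\n"
                     b"\r\n5\r\nhello\r\n0\r\n\r\n"),
    # case 1: two Content-Length headers, the second set to zero
    "dual_content_length": (b"POST /submit HTTP/1.1\r\nContent-Length: 5\r\n"
                            b"Content-Length: 0\r\n\r\nhello"),
    # case 2: Content-Length alongside chunked Transfer-Encoding
    "cl_and_te": (b"POST /submit HTTP/1.1\r\nContent-Length: 5\r\n"
                  b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n"),
    # case 3a: whitespace between field-name and colon
    "bad_whitespace": b"POST /submit HTTP/1.1\r\nContent-Length : 5\r\n\r\nhello",
    # case 3b: a transfer coding other than chunked or identity
    "unknown_te": (b"POST /submit HTTP/1.1\r\nTransfer-Encoding: gzip, chunked\r\n"
                   b"\r\n0\r\n\r\n"),
}


class RequestRejected(Exception):
    """The request head must be answered with 400 Bad Request."""


def parse_head(raw: bytes) -> Tuple[bytes, List[Tuple[bytes, bytes]]]:
    """Split a request head into its request line and lower-cased (name, value) pairs."""
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line, header_lines = lines[0], lines[1:]
    headers: List[Tuple[bytes, bytes]] = []
    for line in header_lines:
        name, colon, value = line.partition(b":")
        if not colon or not name:
            raise RequestRejected("malformed header line")
        # RFC 7230 3.2.4: no whitespace is allowed between field-name and ':'
        if name != name.rstrip(b" \t"):
            raise RequestRejected("whitespace between field-name and colon")
        headers.append((name.lower(), value.strip(b" \t")))
    return request_line, headers


def framing_policy(headers: List[Tuple[bytes, bytes]]) -> Tuple[str, int]:
    """Decide how the body is delimited: ("chunked", 0), ("length", n) or ("none", 0)."""
    content_lengths = [v for k, v in headers if k == b"content-length"]
    transfer_encodings = [v for k, v in headers if k == b"transfer-encoding"]

    # Case 1: more than one Content-Length header is answered with 400,
    # as the 20.3.0 fix does, instead of silently picking one of them.
    if len(content_lengths) > 1:
        raise RequestRejected("multiple Content-Length headers")

    if transfer_encodings:
        codings = [c.strip().lower()
                   for v in transfer_encodings for c in v.split(b",")]
        # Case 3: only the two codings the server implements are accepted.
        for coding in codings:
            if coding not in (b"chunked", b"identity"):
                raise RequestRejected("unsupported Transfer-Encoding")
        if b"chunked" in codings:
            # Case 2: RFC 7230 3.3.3#3 makes Transfer-Encoding override
            # Content-Length and permits rejecting the request; rejecting
            # leaves no framing for an intermediary to interpret differently.
            if content_lengths:
                raise RequestRejected("both Content-Length and Transfer-Encoding")
            return ("chunked", 0)
        # 'identity' alone applies no transfer coding; fall through.

    if content_lengths:
        if not re.fullmatch(rb"[0-9]+", content_lengths[0]):
            raise RequestRejected("non-numeric Content-Length")
        return ("length", int(content_lengths[0]))
    return ("none", 0)


def classify(raw: bytes) -> Tuple[str, object]:
    """Return the framing decision, or ("400", reason) when the head is rejected."""
    try:
        _request_line, headers = parse_head(raw)
        return framing_policy(headers)
    except RequestRejected as exc:
        return ("400", str(exc))


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:>20}: {classify(raw)}")
```

Run as a script, it prints the decision for each sample. The design point is that every ambiguously framed request gets a 400 before any body bytes are consumed, so a front-end proxy and the Twisted server can never disagree about where a request body ends, which is the disagreement request smuggling depends on.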
