Name of the Vulnerable Software and Affected Versions:
TwistedWeb version 14.0.0
Description:
A command injection issue exists in TwistedWeb because the file upload functionality does not properly sanitize its input. An attacker can exploit this by sending a specially crafted HTTP PUT request that uploads a malicious file, such as a reverse shell script. Once the file is uploaded, the attacker can trigger it to execute arbitrary commands on the target system, which can lead to remote code execution and, depending on the privileges of the web server process, to privilege escalation. The attack can be conducted remotely.
Recommendations:
Update TwistedWeb to a newer version that contains a fix for this issue. As a temporary workaround, restrict file upload functionality to trusted users only.