I wanted to raise awareness regarding the use of the Python Twisted framework version 16.6.0 within cPanel's CCS packages. Recently, one of our clients underwent an audit by an external security firm and was advised about potential vulnerabilities associated with the usage of this older Twisted version. Specifically, they highlighted the following CVE notices:
As a proactive measure, I initiated communication with cPanel, and they have acknowledged the concern by opening an internal case (CPANEL-43593). We've also submitted a ticket (ticket ID: #95165845) to address this issue.
This thread is being created to serve as a hub for information regarding cPanel's utilization of the Twisted framework. It aims to provide updates and essential details for our clients and anyone else seeking information on this matter.
Your participation and input in this discussion are highly encouraged and appreciated.