Product Research Enterprise Plans Docs

PyPi: Twilio

CVE-2024-27306

Transitive

Safety vulnerability ID: 71167

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 18, 2024 Updated at Dec 13, 2024

Scan your Python projects for vulnerabilities →

Advisory

Twilio version 9.1.0 includes a security upgrade for the aiohttp dependency, updating it from version 3.8.6 to 3.9.4. This update addresses the vulnerability identified as CVE-2024-27306.

Affected package

twilio

Latest version: 9.4.1

Twilio API client and TwiML generator

Affected versions

Fixed versions

Vulnerability changelog

--------------------------
**Library - Chore**
- [PR 789](https://github.com/twilio/twilio-python/pull/789): [Snyk] Security upgrade aiohttp from 3.8.6 to 3.9.4. Thanks to [twilio-product-security](https://github.com/twilio-product-security)!

**Library - Fix**
- [PR 716](https://github.com/twilio/twilio-python/pull/716): Connection pool is full, discarding connection. Thanks to [lightiverson](https://github.com/lightiverson)!

**Api**
- Add ie1 as supported region for UserDefinedMessage and UserDefinedMessageSubscription.

**Flex**
- Adding validated field to `plugin_versions`
- Corrected the data type for `runtime_domain`, `call_recording_webhook_url`, `crm_callback_url`, `crm_fallback_url`, `flex_url` in Flex Configuration
- Making `routing` optional in Create Interactions endpoint

**Intelligence**
- Expose operator authoring apis to public visibility
- Deleted `language_code` parameter from updating service in v2 **(breaking change)**
- Add read_only_attached_operator_sids to v2 services

**Numbers**
- Add API endpoint for GET Porting Webhook Configurations By Account SID
- Remove bulk portability api under version `/v1`. **(breaking change)**
- Removed porting_port_in_fetch.json files and move the content into porting_port_in.json files
- Add API endpoint to deleting Webhook Configurations
- Add Get Phone Number by Port in request SID and Phone Number SID api
- Add Create Porting webhook configuration API
- Added bundle_sid and losing_carrier_information fields to Create PortInRequest api to support Japan porting

**Taskrouter**
- Add back `routing_target` property to tasks
- Add back `ignore_capacity` property to tasks
- Removing `routing_target` property to tasks due to revert
- Removing `ignore_capacity` property to tasks due to revert
- Add `routing_target` property to tasks
- Add `ignore_capacity` property to tasks

**Trusthub**
- Add new field errors to bundle as part of public API response in customer_profile.json and trust_product.json **(breaking change)**
- Add themeSetId field in compliance_tollfree_inquiry.

**Verify**
- Update `friendly_name` description on service docs

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application