{"id":"CVE-2020-27589","details":"Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.","aliases":["GHSA-f248-v4qh-x2r6","PYSEC-2020-26"],"modified":"2026-04-02T05:09:50.311776Z","published":"2020-11-06T14:15:16.457Z","references":[{"type":"ADVISORY","url":"https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified"},{"type":"ADVISORY","url":"https://github.com/blackducksoftware/hub-rest-api-python"},{"type":"ADVISORY","url":"https://pypi.org/project/blackduck/"},{"type":"FIX","url":"https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd"},{"type":"EVIDENCE","url":"https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blackducksoftware/hub-rest-api-python","events":[{"introduced":"0"},{"last_affected":"42e2e81b6be1017ed4d5719b5aace264293b75d8"}],"database_specific":{"versions":[{"introduced":"0.0.25"},{"last_affected":"0.0.52"}]}}],"versions":["0.0.26","0.0.51","0.0.52"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27589.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}