{"id":"PYSEC-2017-69","details":"Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.","aliases":["CVE-2015-2674","GHSA-p9cv-hrxr-fxx8"],"modified":"2023-11-08T03:57:52.232864Z","published":"2017-08-09T18:29:00Z","references":[{"type":"REPORT","url":"https://github.com/benoitc/restkit/issues/140"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1202837"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/03/23/7"}],"affected":[{"package":{"name":"restkit","ecosystem":"PyPI","purl":"pkg:pypi/restkit"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.0.0"}]}],"versions":["1.0.0","1.1.0","1.1.1","1.1.2","1.1.3","1.2.0","1.2.1","1.3.0","1.3.1","2.0.0","2.0.1","2.0.2","2.0.4","2.0.5","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.3.0","2.3.1","2.3.2","2.3.3","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.2.0","3.2.1","3.2.2","3.2.3","3.3.0","3.3.1","3.3.2","4.0.0","4.1.0","4.1.1","4.1.2","4.1.3","4.1.4","4.1.5","4.2.0","4.2.1","4.2.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/restkit/PYSEC-2017-69.yaml"}}],"schema_version":"1.7.3"}