{"id":"PYSEC-2020-26","details":"Synopsys hub-rest-api-python (aka blackduck on PyPI) versions 0.0.25 through 0.0.52 do not validate SSL certificates in certain cases.","aliases":["CVE-2020-27589","GHSA-f248-v4qh-x2r6"],"modified":"2023-11-08T04:03:21.744685Z","published":"2020-11-06T14:15:00Z","references":[{"type":"WEB","url":"https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper"},{"type":"PACKAGE","url":"https://pypi.org/project/blackduck/"},{"type":"WEB","url":"https://github.com/blackducksoftware/hub-rest-api-python"},{"type":"WEB","url":"https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd"},{"type":"WEB","url":"https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-f248-v4qh-x2r6"}],"affected":[{"package":{"name":"blackduck","ecosystem":"PyPI","purl":"pkg:pypi/blackduck"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.0.25"},{"fixed":"0.0.53"}]}],"versions":["0.0.25","0.0.26","0.0.27","0.0.28","0.0.29","0.0.30","0.0.31","0.0.32","0.0.33","0.0.34","0.0.35","0.0.36","0.0.37","0.0.38","0.0.39","0.0.40","0.0.41","0.0.42","0.0.43","0.0.44","0.0.45","0.0.46","0.0.47","0.0.48","0.0.49","0.0.50","0.0.51","0.0.52"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/blackduck/PYSEC-2020-26.yaml"}}],"schema_version":"1.7.3"}