3 matches found
jiraclient (>=2.1.11 <=2.1.13), jsonobject-couchdbkit (>=0.9.2 <=0.9.7) +2 more potentially affected by CVE-2015-2674 via restkit (=4.2.2)
restkit PYPI version =4.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on restkit and may be impacted: - jiraclient =2.1.11, =0.9.2, =0.4.0, =0.5.3 - pyrunscope =0.9.0a1 Source cves: CVE-2015-2674 Source advisory: OSV:PYSEC-2017-69...
CVE-2015-2674
CVE-2015-2674 affects Restkit written in Python, where TLS server verification can be bypassed by using ssl.wrap_socket with cert_reqs set to CERT_NONE, enabling MITM spoofing. The vulnerability is caused by the default no-verification configuration in SSL/TLS handling within Restkit and is docum...
CVE-2015-2674
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrapsocket function in Python with the default CERTNONE value for the certreqs argument...