PyPi: Restkit

CVE-2015-2674

Safety vulnerability ID: 35609

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 09, 2017 Updated at Mar 29, 2024

Advisory

Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.
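One way to audit a code base for the pattern this advisory describes is sketched below. It is an added example, not restkit's code or the advisory's own tooling; the sample source and its function names are constructed for illustration.

```python
import ast

# Constructed sample source (hypothetical function names, not restkit's code).
SAMPLE = '''
import ssl, socket

def connect_default(host, port):
    sock = socket.create_connection((host, port))
    return ssl.wrap_socket(sock)

def connect_explicit_none(host, port):
    sock = socket.create_connection((host, port))
    return ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)

def connect_verified(host, port, ca_file):
    sock = socket.create_connection((host, port))
    return ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_file)

def connect_context(host, port):
    sock = socket.create_connection((host, port))
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)
'''

def _is_module_wrap_socket(func):
    """True for ssl.wrap_socket(...) or a bare wrap_socket(...) imported from ssl."""
    if isinstance(func, ast.Attribute):
        return (func.attr == "wrap_socket" and isinstance(func.value, ast.Name)
                and func.value.id == "ssl")
    return isinstance(func, ast.Name) and func.id == "wrap_socket"

def find_unverified_wrap_socket(source):
    """Return sorted (line, reason) pairs for calls that do not require a peer certificate."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_module_wrap_socket(node.func)):
            continue
        # cert_reqs is the fifth parameter: (sock, keyfile, certfile, server_side, cert_reqs, ...)
        value = next((kw.value for kw in node.keywords if kw.arg == "cert_reqs"), None)
        if value is None and len(node.args) > 4:
            value = node.args[4]
        if value is None:
            findings.append((node.lineno, "cert_reqs omitted, defaults to CERT_NONE"))
        elif getattr(value, "attr", getattr(value, "id", None)) != "CERT_REQUIRED":
            findings.append((node.lineno, "cert_reqs is not CERT_REQUIRED"))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_unverified_wrap_socket(SAMPLE):
        print(f"line {line}: {reason}")
```

A call that passes `CERT_REQUIRED` still needs `ca_certs` and a separate host name check, because `ssl.wrap_socket` does not match the certificate against the host name.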

Affected package

restkit

Latest version: 4.2.2

Python REST kit

Affected versions

Fixed versions

Vulnerability changelog


MLIST: [oss-security] 20150323 Re: Assign a CVE for Python's restkit Please: http://www.openwall.com/lists/oss-security/2015/03/23/7
MISC: https://github.com/benoitc/restkit/issues/140
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1202837

Severity Details

CVSS Base Score

MEDIUM 5.9

CVSS v3 Details

MEDIUM 5.9
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): HIGH
Availability Impact (A): NONE

CVSS v2 Details

MEDIUM 4.3
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): PARTIAL
Availability Impact (A): NONE