oss-sec mailing list archives
Assign a CVE for Python's restkit Please
From: Donald Stufft <donald () stufft io>
Date: Thu, 12 Mar 2015 11:03:32 -0400
Pythons Restskit[1][2][3][4] does not properly validate TLS (see https://github.com/benoitc/restkit/issues/140). It appears to simply use ssl.wrap_socket from the standard library, which does not do any validation by default. This can be verified by doing: >>> from restkit import request >>> r = request("https://tv.eurosport.com/") >>> r.body_string() '<HTML><HEAD>...' Can a CVE be assigned for this? [1] https://github.com/benoitc/restkit [2] https://pypi.python.org/pypi/restkit [3] http://restkit.readthedocs.org/en/latest/ [4] https://benoitc.github.io/restkit/index.html --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Assign a CVE for Python's restkit Please Donald Stufft (Mar 12)
- Re: Assign a CVE for Python's restkit Please Donald Stufft (Mar 22)
- Re: Assign a CVE for Python's restkit Please cve-assign (Mar 23)