It was reported that python-restkit does not properly validate SSL/TLS certificates: It appears to simply use ssl.wrap_socket from the standard library, which does not do any validation by default. This can be verified by doing: >>> from restkit import request >>> r = request("https://tv.eurosport.com/";) >>> r.body_string() '<HTML><HEAD>...' Upstream issue: https://github.com/benoitc/restkit/issues/140 Additional information: http://seclists.org/oss-sec/2015/q1/818
Created python-restkit tracking bugs for this issue: Affects: fedora-all [bug 1202839]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.