Medium severity5.9NVD Advisory· Published Aug 9, 2017· Updated May 13, 2026
CVE-2015-2674
CVE-2015-2674
Description
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
restkitPyPI | <= 4.2.2 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-p9cv-hrxr-fxx8ghsaADVISORY
- github.com/benoitc/restkit/issues/140nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2015-2674ghsaADVISORY
- www.openwall.com/lists/oss-security/2015/03/23/7nvdMailing ListVDB EntryWEB
- github.com/pypa/advisory-database/tree/main/vulns/restkit/PYSEC-2017-69.yamlghsaWEB
News mentions
0No linked articles in our index yet.