GHSA-f248-v4qh-x2r6

Source

https://github.com/advisories/GHSA-f248-v4qh-x2r6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-f248-v4qh-x2r6/GHSA-f248-v4qh-x2r6.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-f248-v4qh-x2r6

Aliases

Published

2021-04-20T16:29:41Z

Modified

2024-09-13T18:01:35.492976Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Improper Certificate Validation in blackduck

Details

Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.

Database specific

{
    "nvd_published_at": "2020-11-06T14:15:00Z",
    "cwe_ids": [
        "CWE-295"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-19T23:38:37Z"
}

References

Affected packages

PyPI / blackduck

Package

Name: blackduck; View open source insights on deps.dev
Purl: pkg:pypi/blackduck

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.0.25

Fixed

0.0.53

Affected versions

0.*

0.0.25

0.0.26

0.0.27

0.0.28

0.0.29

0.0.30

0.0.31

0.0.32

0.0.33

0.0.34

0.0.35

0.0.36

0.0.37

0.0.38

0.0.39

0.0.40

0.0.41

0.0.42

0.0.43

0.0.44

0.0.45

0.0.46

0.0.47

0.0.48

0.0.49

0.0.50

0.0.51

0.0.52