PYSEC-2012-17

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tweepy/PYSEC-2012-17.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2012-17

Aliases

CVE-2012-5825
GHSA-pwx5-xg7g-wpc5

Published

2012-11-04T22:55:00Z

Modified

2023-11-01T04:44:53.804952Z

Summary

[none]

Details

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.

References

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79831

Affected packages

PyPI / tweepy

Package

Name: tweepy; View open source insights on deps.dev
Purl: pkg:pypi/tweepy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.1

Affected versions

1.*

1.1

1.2

1.3

1.4

1.5

1.6

1.7.1

1.8

1.9

1.10

1.11

1.12

1.13

2.*

2.0

2.1

2.2

2.3

2.3.0