PYSEC-2020-252

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/scalyr-agent-2/PYSEC-2020-252.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2020-252

Aliases

Published

2020-08-27T22:15:00Z

Modified

2023-11-01T04:52:36.779231Z

Summary

[none]

Details

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName.

References

https://scalyr-static.s3.amazonaws.com/technical-details/index.html

Affected packages

PyPI / scalyr-agent-2

Package

Name: scalyr-agent-2; View open source insights on deps.dev
Purl: pkg:pypi/scalyr-agent-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.10

Affected versions

2.*

2.0.0.alpha.11

2.0.0.beta.3

2.0.1

2.0.2

2.0.4.1

2.0.4.2

2.0.5

2.0.6

2.0.8

2.0.14

2.0.15

2.0.17

2.0.27

2.0.37

2.0.38

2.0.39

2.0.40

2.0.41

2.0.42

2.0.43

2.0.44

2.0.45

2.0.46

2.0.47

2.0.48

2.0.49

2.0.50

2.0.51

2.0.52

2.0.53

2.0.54

2.0.55

2.0.56

2.0.57

2.0.58

2.0.59

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/scalyr-agent-2/PYSEC-2020-252.yaml"