—

PYSEC-2012-17

상세

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / tweepy

최초 영향 버전: 0 수정 버전: 2.3.1

수정 pip install --upgrade 'tweepy>=2.3.1'

참고

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf [WEB]
https://exchange.xforce.ibmcloud.com/vulnerabilities/79831 [WEB]
https://github.com/advisories/GHSA-pwx5-xg7g-wpc5 [ADVISORY]