PYSEC-2014-12

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/python-swiftclient/PYSEC-2014-12.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-12

Aliases

CVE-2013-6396
GHSA-p3xv-97g8-4wmj

Published

2014-02-18T19:55:00Z

Modified

2023-11-08T03:57:25.938737Z

Summary

[none]

Details

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References

http://www.openwall.com/lists/oss-security/2014/02/17/7
https://bugs.launchpad.net/python-swiftclient/+bug/1199783

Affected packages

PyPI / python-swiftclient

Package

Name: python-swiftclient; View open source insights on deps.dev
Purl: pkg:pypi/python-swiftclient

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0

Fixed

2.0

Affected versions

1.*

1.0

1.1.1

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0

1.7.0

1.8.0

1.9.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/python-swiftclient/PYSEC-2014-12.yaml"