Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13M2o2LThqMzQtcTQzeM4AAf7B

Apache Libcloud does not verify SSL certificates for HTTPS connections

libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. This is due to an upstream issue with Python's SSL module rather than directly with libcloud.

Permalink: https://github.com/advisories/GHSA-w3j6-8j34-q43x
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13M2o2LThqMzQtcTQzeM4AAf7B
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 2 months ago


Identifiers: GHSA-w3j6-8j34-q43x, CVE-2010-4340
References: Repository: https://github.com/apache/libcloud
Blast Radius: 0.0

Affected Packages

pypi:apache-libcloud
Dependent packages: 27
Dependent repositories: 2,071
Downloads: 233,276 last month
Affected Version Ranges: <= 0.4.0
Fixed in: 0.4.1
All affected versions: 0.3.1, 0.4.0
All unaffected versions: 0.4.2, 0.5.0, 0.5.2, 0.6.1, 0.6.2, 0.7.1, 0.8.0, 0.9.1, 0.10.1, 0.11.0, 0.11.1, 0.11.3, 0.11.4, 0.12.1, 0.12.3, 0.12.4, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.14.0, 0.14.1, 0.15.0, 0.15.1, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.20.1, 1.0.0, 1.1.0, 1.2.1, 1.3.0, 1.4.0, 1.5.0, 2.0.0, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.6.1, 2.7.0, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.3.1, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.8.0