SSL Hostname Verification Bypass

2019-04-2203:35:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

74.4%

JSON

urllib3 is vulnerable to SSL Hostname verification bypass. The vulnerability exists as urllib3 incorrectly loads system certificates even when an explicit set of CA certificates were specified, possibly allowing man-in-the-middle attacks.

CPENameOperatorVersion
urllib3le1.24.1
python-urllib3eq1.23__5.el8ost
python-urllib3eq1.21.1__1.0.el7ost
python-urllib3eq1.8.2__5.el7ost
python-urllib3eq1.16__2.el7ost
python-urllib3eq1.21.1__1.2.el7ost
python-urllib3eq1.10.4__8.el7ost
python-urllib3eq1.10.2__2.ael7b_1
python-urllib3eq1.15.1__2.el7ost
python-urllib3eq1.8.2__4.el7ost

Name	Operator	Version
urllib3	le	1.24.1
python-urllib3	eq	1.23__5.el8ost
python-urllib3	eq	1.21.1__1.0.el7ost
python-urllib3	eq	1.8.2__5.el7ost
python-urllib3	eq	1.16__2.el7ost
python-urllib3	eq	1.21.1__1.2.el7ost
python-urllib3	eq	1.10.4__8.el7ost
python-urllib3	eq	1.10.2__2.ael7b_1
python-urllib3	eq	1.15.1__2.el7ost
python-urllib3	eq	1.8.2__4.el7ost