CVE-2022-2996

Improper Certificate Validation in pypi/python-scciclient

Identifiers

GHSA-rf3f-3p37-2qh4, CVE-2022-2996

Package Slug

pypi/python-scciclient

Vulnerability

Improper Certificate Validation

Description

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.

Affected Versions

All versions before 0.12.0

Solution

Upgrade to version 0.12.0 or above.

Last Modified

2022-09-19

source