CVE-2015-2674: Restkit Does Not Validate TLS Certificates
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket
function in Python with the default CERT_NONE value for the cert_reqs argument.
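An added example, not Restkit's code and not part of the advisory: a small AST check that flags ssl.wrap_socket calls left at the CERT_NONE default described above, next to a client context that does validate certificates. The sample source and the function names are constructed for illustration, and only calls spelled ssl.wrap_socket(...) are matched.

```python
import ast
import ssl

# Constructed sample source: three call shapes of the legacy ssl.wrap_socket API.
SAMPLE = '''
import ssl
a = ssl.wrap_socket(sock)
b = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)
c = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_REQUIRED, ca_certs="ca.pem")
'''


def unverified_wrap_socket_calls(source):
    """Return line numbers of ssl.wrap_socket calls that do not require a valid certificate."""
    flagged = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "wrap_socket"
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "ssl"):
            continue  # SSLContext.wrap_socket and unrelated calls are not the legacy API
        reqs = next((k.value for k in node.keywords if k.arg == "cert_reqs"), None)
        if reqs is None and len(node.args) > 4:
            reqs = node.args[4]  # cert_reqs is the fifth positional parameter
        # An omitted cert_reqs means the CERT_NONE default applies. Anything that is
        # not literally CERT_REQUIRED (CERT_OPTIONAL, a variable, a number) is flagged.
        mode = "CERT_NONE" if reqs is None else getattr(reqs, "attr", getattr(reqs, "id", None))
        if mode != "CERT_REQUIRED":
            flagged.append(node.lineno)
    return sorted(flagged)


def verifying_context():
    """Client-side context that validates the certificate chain and the hostname."""
    # Use as: verifying_context().wrap_socket(sock, server_hostname=host)
    return ssl.create_default_context()


if __name__ == "__main__":
    print("unverified ssl.wrap_socket calls on lines:", unverified_wrap_socket_calls(SAMPLE))
    ctx = verifying_context()
    print("replacement context:", ctx.verify_mode, "check_hostname =", ctx.check_hostname)
```

Even with cert_reqs=ssl.CERT_REQUIRED, the module-level ssl.wrap_socket does no hostname matching, so the context-based form is the one to migrate to.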