CVE-2015-2674: Missing X.509 certificate validation
(updated )
RESTKit for Python contains a flaw as X.509 certificates are not properly validated. By spoofing the TLS/SSL server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MiTM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.
References
Detect and mitigate CVE-2015-2674 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →