CVE-2017-1000007: txAWS AWSServiceEndpoint defaults to not verifying server certificates
txAWS fails to perform complete certificate verification, which leaves it vulnerable to man-in-the-middle (MitM) attacks and information disclosure.
References
- github.com/advisories/GHSA-cggm-52qp-wvw7
- github.com/pypa/advisory-database/tree/main/vulns/txaws/PYSEC-2017-85.yaml
- github.com/twisted/txaws
- github.com/twisted/txaws/commit/46b66c3dc315de7b5896d60531311ec9658bc466
- github.com/twisted/txaws/issues/24
- github.com/twisted/txaws/pull/26
- nvd.nist.gov/vuln/detail/CVE-2017-1000007