Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-3wgu-rve4-pbg1

Summary Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.

Aliases

alias	CVE-2015-2674

alias	GHSA-p9cv-hrxr-fxx8

alias	PYSEC-2017-69

Fixed_packages

Affected_packages

url pkg:pypi/restkit@1.0.0

purl pkg:pypi/restkit@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@1.0.0

url pkg:pypi/restkit@1.1.0

purl pkg:pypi/restkit@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@1.1.0

url pkg:pypi/restkit@1.1.1

purl pkg:pypi/restkit@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@1.1.1

url pkg:pypi/restkit@1.1.2

purl pkg:pypi/restkit@1.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@1.1.2

url pkg:pypi/restkit@1.1.3

purl pkg:pypi/restkit@1.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@1.1.3

url pkg:pypi/restkit@1.2.0

purl pkg:pypi/restkit@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@1.2.0

url pkg:pypi/restkit@1.2.1

purl pkg:pypi/restkit@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@1.2.1

url pkg:pypi/restkit@1.3.0

purl pkg:pypi/restkit@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@1.3.0

url pkg:pypi/restkit@1.3.1

purl pkg:pypi/restkit@1.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@1.3.1

url pkg:pypi/restkit@2.0.0

purl pkg:pypi/restkit@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.0.0

url pkg:pypi/restkit@2.0.1

purl pkg:pypi/restkit@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.0.1

url pkg:pypi/restkit@2.0.2

purl pkg:pypi/restkit@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.0.2

url pkg:pypi/restkit@2.0.4

purl pkg:pypi/restkit@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.0.4

url pkg:pypi/restkit@2.0.5

purl pkg:pypi/restkit@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.0.5

url pkg:pypi/restkit@2.1.0

purl pkg:pypi/restkit@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.1.0

url pkg:pypi/restkit@2.1.1

purl pkg:pypi/restkit@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.1.1

url pkg:pypi/restkit@2.1.2

purl pkg:pypi/restkit@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.1.2

url pkg:pypi/restkit@2.1.3

purl pkg:pypi/restkit@2.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.1.3

url pkg:pypi/restkit@2.1.4

purl pkg:pypi/restkit@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.1.4

url pkg:pypi/restkit@2.1.5

purl pkg:pypi/restkit@2.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.1.5

url pkg:pypi/restkit@2.1.6

purl pkg:pypi/restkit@2.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.1.6

url pkg:pypi/restkit@2.1.7

purl pkg:pypi/restkit@2.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.1.7

url pkg:pypi/restkit@2.2.0

purl pkg:pypi/restkit@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.2.0

url pkg:pypi/restkit@2.2.1

purl pkg:pypi/restkit@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.2.1

url pkg:pypi/restkit@2.2.2

purl pkg:pypi/restkit@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.2.2

url pkg:pypi/restkit@2.2.3

purl pkg:pypi/restkit@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.2.3

url pkg:pypi/restkit@2.2.4

purl pkg:pypi/restkit@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.2.4

url pkg:pypi/restkit@2.3.0

purl pkg:pypi/restkit@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.3.0

url pkg:pypi/restkit@2.3.1

purl pkg:pypi/restkit@2.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.3.1

url pkg:pypi/restkit@2.3.2

purl pkg:pypi/restkit@2.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.3.2

url pkg:pypi/restkit@2.3.3

purl pkg:pypi/restkit@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@2.3.3

url pkg:pypi/restkit@3.0.0

purl pkg:pypi/restkit@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.0.0

url pkg:pypi/restkit@3.0.1

purl pkg:pypi/restkit@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.0.1

url pkg:pypi/restkit@3.0.2

purl pkg:pypi/restkit@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.0.2

url pkg:pypi/restkit@3.0.3

purl pkg:pypi/restkit@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.0.3

url pkg:pypi/restkit@3.0.4

purl pkg:pypi/restkit@3.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.0.4

url pkg:pypi/restkit@3.2.0

purl pkg:pypi/restkit@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.2.0

url pkg:pypi/restkit@3.2.1

purl pkg:pypi/restkit@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.2.1

url pkg:pypi/restkit@3.2.2

purl pkg:pypi/restkit@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.2.2

url pkg:pypi/restkit@3.2.3

purl pkg:pypi/restkit@3.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.2.3

url pkg:pypi/restkit@3.3.0

purl pkg:pypi/restkit@3.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.3.0

url pkg:pypi/restkit@3.3.1

purl pkg:pypi/restkit@3.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.3.1

url pkg:pypi/restkit@3.3.2

purl pkg:pypi/restkit@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@3.3.2

url pkg:pypi/restkit@4.0.0

purl pkg:pypi/restkit@4.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@4.0.0

url pkg:pypi/restkit@4.1.0

purl pkg:pypi/restkit@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@4.1.0

url pkg:pypi/restkit@4.1.1

purl pkg:pypi/restkit@4.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@4.1.1

url pkg:pypi/restkit@4.1.2

purl pkg:pypi/restkit@4.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@4.1.2

url pkg:pypi/restkit@4.1.3

purl pkg:pypi/restkit@4.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@4.1.3

url pkg:pypi/restkit@4.1.4

purl pkg:pypi/restkit@4.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@4.1.4

url pkg:pypi/restkit@4.1.5

purl pkg:pypi/restkit@4.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@4.1.5

url pkg:pypi/restkit@4.2.0

purl pkg:pypi/restkit@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@4.2.0

url pkg:pypi/restkit@4.2.1

purl pkg:pypi/restkit@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@4.2.1

url pkg:pypi/restkit@4.2.2

purl pkg:pypi/restkit@4.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3wgu-rve4-pbg1

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/restkit@4.2.2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-2674

reference_id

reference_type

scores

value	0.0034
scoring_system	epss
scoring_elements	0.57087
published_at	2026-06-11T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.57206
published_at	2026-06-12T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.57219
published_at	2026-06-13T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.57212
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-2674

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1202837

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1202837

reference_url

https://github.com/advisories/GHSA-p9cv-hrxr-fxx8

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p9cv-hrxr-fxx8

reference_url

https://github.com/benoitc/restkit

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/benoitc/restkit

reference_url

https://github.com/benoitc/restkit/issues/140

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/benoitc/restkit/issues/140

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/restkit/PYSEC-2017-69.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/restkit/PYSEC-2017-69.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-2674

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-2674

reference_url

http://www.openwall.com/lists/oss-security/2015/03/23/7

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/03/23/7

Weaknesses

cwe_id	295
name	Improper Certificate Validation
description	The product does not validate, or incorrectly validates, a certificate.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wgu-rve4-pbg1

Vulnerability Instance