Safety vulnerability ID: 34110
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Requesocks (a fork of requests package, working with socks proxy) is vulnerable to CVE-2018-18074.
Latest version: 0.10.8
Python HTTP for Humans, with socks proxy support
-------------------
* CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with
PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This
release fixes a vulnerability whereby urllib3 in the above configuration
would silently fail to validate TLS certificates due to erroneously setting
invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous
flags do not cause a problem in OpenSSL versions before 1.1.0, which
interprets the presence of any flag as requesting certificate validation.
There is no PR for this patch, as it was prepared for simultaneous disclosure
and release. The master branch received the same fix in PR 1010.
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application