Headline
GHSA-8hx6-qv6f-xgcw: MindsDB 'Call to requests with verify=False disabling SSL certificate checks, security issue.' issue
Summary
Found an issue: Call to requests with verify=False disabling SSL certificate checks, security issue. Make the impact and severity as straightforward as possible. This rule enforces always verifying SSL certificates for methods in the Requests library. Certificates are validated by default which is the desired behavior.
Encryption in general is typically critical to the security of many applications. Using TLS can significantly increase security by guaranteeing the identity of the party you are communicating with. This is accomplished by one or both parties presenting trusted certificates during the connection initialization phase of TLS.
It is important to note that modules such as httplib within the Python standard library did not verify certificate chains until it was fixed in 2.7.9 release.
Details
Severity: Critical
Summary
Found an issue: Call to requests with verify=False disabling SSL certificate checks, security issue. Make the impact and severity as straightforward as possible. This rule enforces always verifying SSL certificates for methods in the Requests library. Certificates are validated by default which is the desired behavior.
Encryption in general is typically critical to the security of many applications. Using TLS can significantly increase security by guaranteeing the identity of the party you are communicating with. This is accomplished by one or both parties presenting trusted certificates during the connection initialization phase of TLS.
It is important to note that modules such as httplib within the Python standard library did not verify certificate chains until it was fixed in 2.7.9 release.
Details
Severity: Critical
References
- GHSA-8hx6-qv6f-xgcw
- mindsdb/mindsdb@083afcf