@xcorail I think I am having an issue claiming the rewards. For some reason, H1 errors out if I try to claim the bounty. I have already raised a ticket with H1 regarding this last week. I am waiting for a resolution now. I will let you know as soon as that changes.
Query PR
github/codeql#16812
Language
Python
CVE(s) ID list
CVE-2023-0509
CWE
CWE-295
Report
Pycurl is a library which provides curl bindings in Python. The original library is partially modelled in CodeQL. This PR adds support to test for SSL certificate validation when using pycurl.
The query aims to detect the vulnerable pattern found in CVE-2023-0509.
There are many more detections I have found through MRVA. I will keep updating this issue as and when they convert to CVEs.
In the meantime, the database for the original CVE can be downloaded from the links below.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response
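An added illustration (not the query from the PR and not code from this issue): a small Python `ast` checker for the pattern the report describes, pycurl `setopt` calls that turn certificate validation off. It matches only literal `0`/`False` values and does no data-flow tracking; the function names and the sample source are constructed for this example.

```python
import ast

# pycurl options that control TLS certificate validation.
VERIFY_OPTS = {"SSL_VERIFYPEER", "SSL_VERIFYHOST"}

# Constructed sample input: one handle disables validation, one keeps it on.
SAMPLE = '''\
import pycurl
c = pycurl.Curl()
c.setopt(pycurl.URL, "https://example.com/")
c.setopt(pycurl.SSL_VERIFYPEER, 0)
c.setopt(c.SSL_VERIFYHOST, False)
d = pycurl.Curl()
d.setopt(pycurl.SSL_VERIFYPEER, 1)
d.setopt(pycurl.SSL_VERIFYHOST, 2)
'''


def _is_disabled(node):
    """True when the option value is the literal 0 or False."""
    return isinstance(node, ast.Constant) and node.value in (0, False)


def find_disabled_validation(source, filename="<constructed>"):
    """Return sorted (line, option) pairs for setopt calls that disable validation."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "setopt"
                and len(node.args) == 2):
            continue
        opt, value = node.args
        # The option may be written pycurl.SSL_VERIFYPEER, c.SSL_VERIFYPEER,
        # or as a bare name after "from pycurl import SSL_VERIFYPEER".
        name = opt.attr if isinstance(opt, ast.Attribute) else getattr(opt, "id", None)
        if name in VERIFY_OPTS and _is_disabled(value):
            findings.append((node.lineno, name))
    return sorted(findings)


if __name__ == "__main__":
    for line, option in find_disabled_validation(SAMPLE):
        print(f"line {line}: {option} disabled, certificate validation is off (CWE-295)")
```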