The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.
Information Disclosure
Portage
NVD
CVSS 2.0
9.3
EPSS
0.6%