pysec-2023-135
Vulnerability from pysec
Published
2023-08-03 19:36
Modified
2023-08-07 05:41
Details
Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems.
Aliases
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "certifi", "purl": "pkg:pypi/certifi" }, "ranges": [ { "events": [ { "introduced": "2015.4.28" }, { "fixed": "2023.7.22" } ], "type": "ECOSYSTEM" } ], "versions": [ "2015.04.28", "2015.11.20", "2015.11.20.1", "2015.9.6", "2015.9.6.1", "2015.9.6.2", "2016.2.28", "2016.8.2", "2016.8.31", "2016.8.8", "2016.9.26", "2017.1.23", "2017.11.5", "2017.4.17", "2017.7.27", "2017.7.27.1", "2018.1.18", "2018.10.15", "2018.11.29", "2018.4.16", "2018.8.13", "2018.8.24", "2019.11.28", "2019.3.9", "2019.6.16", "2019.9.11", "2020.11.8", "2020.12.5", "2020.4.5", "2020.4.5.1", "2020.4.5.2", "2020.6.20", "2021.10.8", "2021.5.30", "2022.12.7", "2022.5.18", "2022.5.18.1", "2022.6.15", "2022.6.15.1", "2022.6.15.2", "2022.9.14", "2022.9.24", "2023.5.7" ] } ], "aliases": [ "CVE-2023-37920", "GHSA-xqr8-7jwr-rhp7" ], "details": "Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store. These are in the process of being removed from Mozilla\u0027s trust store. e-Tugra\u0027s root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems.", "id": "PYSEC-2023-135", "modified": "2023-08-07T05:41:30.977938+00:00", "published": "2023-08-03T19:36:12+00:00", "references": [ { "type": "WEB", "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A" }, { "type": "WEB", "url": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37920" }, { "type": "ADVISORY", "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7" } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.