CVE-2023-37920 – certifi
Package
Manager: pip
Name: certifi
Vulnerable Version: >=2015.4.28 <2023.7.22
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00112 (percentile: 0.30282)
Details
Removal of e-Tugra root certificate

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found [here](https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A).
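To find environments that still ship the affected root store, the sketch below checks certifi pins in requirements-style text, and the installed package, against the range stated above (>=2015.4.28 <2023.7.22). It is an added example, not code from this advisory or from the certifi project; the function names and the sample input are constructed, and only `==` pins are evaluated.

```python
import re
from importlib import metadata

# Affected range exactly as stated in this advisory: >=2015.4.28 <2023.7.22
AFFECTED_MIN = (2015, 4, 28)
FIRST_FIXED = (2023, 7, 22)
# Matches the certifi distribution only (not "certifi-win32"); captures an "==" pin.
_CERTIFI = re.compile(r"^\s*certifi(?![\w.-])\s*(?:==\s*(\d+(?:\.\d+)*))?", re.I)

def parse_version(text):
    """Convert a calendar version ('2023.07.22', '2017.7.27.1') to an int tuple."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIRST_FIXED

def audit_requirements(text):
    """Return (line_no, version, status) for every certifi line in requirements text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = _CERTIFI.match(line)
        if match is None:
            continue
        version = match.group(1)
        if version is None:
            status = "unpinned"  # no == pin: check the installed version instead
        else:
            status = "affected" if is_affected(version) else "not affected"
        findings.append((line_no, version, status))
    return findings

def installed_status():
    """(version, affected) for certifi in this environment, or None if absent."""
    try:
        version = metadata.version("certifi")
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)

# Constructed sample input, not taken from any real project.
SAMPLE = """requests==2.31.0
certifi==2022.12.7 --hash=sha256:<placeholder>
certifi-helper==1.0
Certifi == 2023.07.22 ; python_version >= "3.6"
certifi>=2020.1
"""

if __name__ == "__main__":
    print(audit_requirements(SAMPLE), installed_status())
```

Applications that vendor their own CA bundle instead of using the certifi package are not covered by a version check and need the bundle itself reviewed.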
Metadata
Created: 2023-07-25T14:43:53Z
Modified: 2025-02-12T21:33:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-xqr8-7jwr-rhp7/GHSA-xqr8-7jwr-rhp7.json
CWE IDs: ["CWE-345"]
Alternative ID: GHSA-xqr8-7jwr-rhp7
Finding: F204
Auto approve: 1