Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Removal of e-Tugra root certificate

Certifi 2023.07.22 removes the "e-Tugra" root certificates from its root store. These certificates are also in the process of being removed from Mozilla's trust store.

e-Tugra's root certificates are being removed pursuant to an investigation prompted by reports of security issues in their systems. Mozilla has published the conclusions of its investigation.

Permalink: https://github.com/advisories/GHSA-xqr8-7jwr-rhp7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cXI4LTdqd3ItcmhwN84AA04J
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Identifiers: GHSA-xqr8-7jwr-rhp7, CVE-2023-37920
References: Repository: https://github.com/certifi/python-certifi
Blast Radius: 42.1

Affected Packages

pypi:certifi
Dependent packages: 3,902
Dependent repositories: 415,524
Downloads: 507,339,607 last month
Affected Version Ranges: >= 2015.4.28, < 2023.7.22
Fixed in: 2023.7.22
All affected versions: 2015.4.28, 2015.9.6, 2015.11.20, 2016.2.28, 2016.8.2, 2016.8.8, 2016.8.31, 2016.9.26, 2017.1.23, 2017.4.17, 2017.7.27, 2017.11.5, 2018.1.18, 2018.4.16, 2018.8.13, 2018.8.24, 2018.10.15, 2018.11.29, 2019.3.9, 2019.6.16, 2019.9.11, 2019.11.28, 2020.4.5, 2020.6.20, 2020.11.8, 2020.12.5, 2021.5.30, 2021.10.8, 2022.5.18, 2022.6.15, 2022.9.14, 2022.9.24, 2022.12.7, 2023.5.7
All unaffected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 1.0.0, 1.0.1, 14.5.14, 2023.7.22, 2023.11.17, 2024.2.2, 2024.6.2, 2024.7.4, 2024.8.30