AZL-35126

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35126.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-35126

Upstream

CVE-2023-37920

Published

2023-07-25T21:15:10Z

Modified

2026-04-21T04:27:51.922822Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2023-37920 affecting package python-certifi for versions less than 2023.05.07-1.cm2

Details

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-37920

Affected packages

Azure Linux:3 / python-certifi

Package

Name: python-certifi
Purl: pkg:rpm/azure-linux/python-certifi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2023.05.07-1.cm2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35126.json"