GHSA-xqr8-7jwr-rhp7

Suggest an improvement
Source
https://github.com/advisories/GHSA-xqr8-7jwr-rhp7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-xqr8-7jwr-rhp7/GHSA-xqr8-7jwr-rhp7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xqr8-7jwr-rhp7
Aliases
Related
Published
2023-07-25T14:43:53Z
Modified
2024-02-16T08:23:44.896557Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Removal of e-Tugra root certificate
Details

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.

e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.

Database specific 
{
    "nvd_published_at": "2023-07-25T21:15:10Z",
    "cwe_ids": [
        "CWE-345"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-25T14:43:53Z"
}
References

Affected packages

PyPI / certifi

Package

Name
certifi
View open source insights on deps.dev
Purl
pkg:pypi/certifi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2015.4.28
Fixed
2023.7.22

Affected versions

2015.*

2015.04.28
2015.9.6
2015.9.6.1
2015.9.6.2
2015.11.20
2015.11.20.1

2016.*

2016.2.28
2016.8.2
2016.8.8
2016.8.31
2016.9.26

2017.*

2017.1.23
2017.4.17
2017.7.27
2017.7.27.1
2017.11.5

2018.*

2018.1.18
2018.4.16
2018.8.13
2018.8.24
2018.10.15
2018.11.29

2019.*

2019.3.9
2019.6.16
2019.9.11
2019.11.28

2020.*

2020.4.5
2020.4.5.1
2020.4.5.2
2020.6.20
2020.11.8
2020.12.5

2021.*

2021.5.30
2021.10.8

2022.*

2022.5.18
2022.5.18.1
2022.6.15
2022.6.15.1
2022.6.15.2
2022.9.14
2022.9.24
2022.12.7

2023.*

2023.5.7