GHSA-xqr8-7jwr-rhp7

Source

https://github.com/advisories/GHSA-xqr8-7jwr-rhp7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-xqr8-7jwr-rhp7/GHSA-xqr8-7jwr-rhp7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xqr8-7jwr-rhp7

Aliases

Related

Published

2023-07-25T14:43:53Z

Modified

2024-02-16T08:23:44.896557Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Removal of e-Tugra root certificate

Details

Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. These are in the process of being removed from Mozilla's trust store.

e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.

References

Affected packages

PyPI / certifi

Package

Name: certifi; View open source insights on deps.dev
Purl: pkg:pypi/certifi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2015.4.28

Fixed

2023.7.22

Affected versions

2015.*

2015.04.28

2015.9.6

2015.9.6.1

2015.9.6.2

2015.11.20

2015.11.20.1

2016.*

2016.2.28

2016.8.2

2016.8.8

2016.8.31

2016.9.26

2017.*

2017.1.23

2017.4.17

2017.7.27

2017.7.27.1

2017.11.5

2018.*

2018.1.18

2018.4.16

2018.8.13

2018.8.24

2018.10.15

2018.11.29

2019.*

2019.3.9

2019.6.16

2019.9.11

2019.11.28

2020.*

2020.4.5

2020.4.5.1

2020.4.5.2

2020.6.20

2020.11.8

2020.12.5

2021.*

2021.5.30

2021.10.8

2022.*

2022.5.18

2022.5.18.1

2022.6.15

2022.6.15.1

2022.6.15.2

2022.9.14

2022.9.24

2022.12.7

2023.*

2023.5.7