CVE-2023-37920

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-37920
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37920.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-37920
Aliases
Downstream
Related
Published
2023-07-25T20:45:35.286Z
Modified
2025-11-28T02:34:42.343145Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Certifi's removal of e-Tugra root certificate
Details

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37920.json",
    "cwe_ids": [
        "CWE-345"
    ]
}
References

Affected packages

Git / github.com/certifi/python-certifi

Affected ranges

Type
GIT
Repo
https://github.com/certifi/python-certifi
Events
Introduced
04f5882b59f1dc80b8019f6be767c95751502cd0
Fixed
8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909

Affected versions

2015.*

2015.04.28
2015.09.06
2015.09.06.1
2015.09.06.2
2015.11.20
2015.11.20.1

2016.*

2016.02.28
2016.08.02
2016.08.08
2016.08.31
2016.09.26

2017.*

2017.01.23
2017.04.17
2017.07.27
2017.07.27.1
2017.11.05

2018.*

2018.01.18
2018.04.16
2018.08.13
2018.08.24
2018.10.15
2018.11.29

2019.*

2019.03.09
2019.06.16
2019.09.11
2019.11.28

2020.*

2020.04.05
2020.04.05.1
2020.04.05.2
2020.06.20
2020.11.08
2020.12.05

2021.*

2021.05.30
2021.10.08

2022.*

2022.05.18
2022.05.18.1
2022.06.15
2022.06.15.1
2022.06.15.2
2022.09.14
2022.09.24
2022.12.07

2023.*

2023.05.07