PYSEC-2023-112

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2023-112.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2023-112
Aliases
Published
2023-07-14T20:15:00Z
Modified
2024-09-11T06:12:54.128245Z
Summary
[none]
Details

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

References

Affected packages

PyPI / cryptography

Package

Name
cryptography
View open source insights on deps.dev
Purl
pkg:pypi/cryptography

Affected ranges

Type
ECOSYSTEM
Events
Introduced
40.0.0
Fixed
41.0.2

Affected versions

40.*

40.0.0
40.0.1
40.0.2

41.*

41.0.0
41.0.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2023-112.yaml"