{"id":"AZL-35126","summary":"CVE-2023-37920 affecting package python-certifi for versions less than 2023.05.07-1.cm2","details":"Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store.","modified":"2026-04-21T04:27:51.922822Z","published":"2023-07-25T21:15:10Z","upstream":["CVE-2023-37920"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37920"}],"affected":[{"package":{"name":"python-certifi","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/python-certifi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2023.05.07-1.cm2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35126.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}