{"id":"CVE-2023-37920","summary":"Certifi's removal of e-Tugra root certificate","details":"Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store.","aliases":["GHSA-xqr8-7jwr-rhp7","PYSEC-2023-135"],"modified":"2026-04-10T04:58:52.031346Z","published":"2023-07-25T20:45:35.286Z","related":["ALSA-2023:7753","ALSA-2024:0133","CGA-fhcx-m79g-26vp"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37920.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-345"]},"references":[{"type":"WEB","url":"https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37920.json"},{"type":"ADVISORY","url":"https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37920"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240912-0002/"},{"type":"FIX","url":"https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/certifi/python-certifi","events":[{"introduced":"0"},{"fixed":"8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"}]},{"type":"GIT","repo":"https://github.com/certifi/python-certifi","events":[{"introduced":"0"},{"fixed":"8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"}]}],"versions":["2015.04.28","2015.09.06","2015.09.06.1","2015.09.06.2","2015.11.20","2015.11.20.1","2016.02.28","2016.08.02","2016.08.08","2016.08.31","2016.09.26","2017.01.23","2017.04.17","2017.07.27.1","2017.11.05","2018.01.18","2018.04.16","2018.08.13","2018.08.24","2018.10.15","2018.11.29","2019.03.09","2019.06.16","2019.09.11","2019.11.28","2020.04.05","2020.04.05.1","2020.04.05.2","2020.06.20","2020.11.08","2020.12.05","2021.05.30","2021.10.08","2022.05.18","2022.05.18.1","2022.06.15","2022.06.15.1","2022.06.15.2","2022.09.14","2022.09.24","2022.12.07","2023.05.07","v1.0.0","v1.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37920.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}