{"id":"PYSEC-2023-135","details":"Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store. These are in the process of being removed from Mozilla's trust store. e-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems.","aliases":["CVE-2023-37920","GHSA-xqr8-7jwr-rhp7"],"modified":"2023-11-08T04:13:04.801823Z","published":"2023-08-03T19:36:12Z","references":[{"type":"WEB","url":"https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"},{"type":"WEB","url":"https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37920"},{"type":"ADVISORY","url":"https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7"}],"affected":[{"package":{"name":"certifi","ecosystem":"PyPI","purl":"pkg:pypi/certifi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2015.4.28"},{"fixed":"2023.7.22"}]}],"versions":["2015.04.28","2015.11.20","2015.11.20.1","2015.9.6","2015.9.6.1","2015.9.6.2","2016.2.28","2016.8.2","2016.8.31","2016.8.8","2016.9.26","2017.1.23","2017.11.5","2017.4.17","2017.7.27","2017.7.27.1","2018.1.18","2018.10.15","2018.11.29","2018.4.16","2018.8.13","2018.8.24","2019.11.28","2019.3.9","2019.6.16","2019.9.11","2020.11.8","2020.12.5","2020.4.5","2020.4.5.1","2020.4.5.2","2020.6.20","2021.10.8","2021.5.30","2022.12.7","2022.5.18","2022.5.18.1","2022.6.15","2022.6.15.1","2022.6.15.2","2022.9.14","2022.9.24","2023.5.7"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/certifi/PYSEC-2023-135.yaml"}}],"schema_version":"1.7.3"}