CVE-2023-37920 (High) detected in certifi-2021.5.30-py2.py3-none-any.whl #13
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
mend-for-github-com
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2023-37920 - High Severity Vulnerability
Python package for providing Mozilla's CA Bundle.
Library home page: https://files.pythonhosted.org/packages/05/1b/0a0dece0e8aa492a6ec9e4ad2fe366b511558cdc73fd3abc82ba7348e875/certifi-2021.5.30-py2.py3-none-any.whl
Path to dependency file: /amqp-postgres
Path to vulnerable library: /amqp-postgres,/cloudify_types/dev-requirements.txt,/workflows,/amqp-postgres/test-requirements.txt,/rest-service/dev-requirements.txt,/mgmtworker,/rest-service,/cloudify_types
Dependency Hierarchy:
Found in HEAD commit: 203fcf9f96b1849f0840fc2235bfef38a3ff706c
Found in base branch: master
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.
Publish Date: 2023-07-25
URL: CVE-2023-37920
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-xqr8-7jwr-rhp7
Release Date: 2023-07-25
Fix Resolution: 2023.7.22
The text was updated successfully, but these errors were encountered: