{"id":"ALPINE-CVE-2023-37920","details":"Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store.","modified":"2026-03-09T01:20:52.383150Z","published":"2023-07-25T21:15:10.827Z","upstream":["CVE-2023-37920"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2023-37920"}],"affected":[{"package":{"name":"py3-certifi","ecosystem":"Alpine:v3.18","purl":"pkg:apk/alpine/py3-certifi?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2023.7.22-r0"}]}],"versions":["14.05.14-r0","2015.04.28-r0","2015.11.20-r0","2015.9.6.2-r0","2016.9.26-r0","2016.9.26-r1","2017.4.17-r0","2017.7.27.1-r0","2017.7.27.1-r1","2018.4.16-r0","2019.11.28-r0","2019.3.9-r0","2019.6.16-r0","2019.9.11-r0","2019.9.11-r1","2019.9.11-r2","2020.12.5-r0","2020.12.5-r1","2020.12.5-r2","2020.4.5.1-r0","2020.4.5.2-r0","2020.6.20-r0","2020.6.20-r1","2020.6.20-r2","2021.10.8-r0","2022.12.7-r0","2022.12.7-r1","2022.12.7-r2","2022.6.15-r0","2022.9.24-r0","2022.9.24-r1","2023.5.7-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2023-37920.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}