N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-39hc-v87j-747x

EPSS Score

CWE

Published

11/2/2022

Updated

1/8/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-39hc-v87j-747x

GHSA-39hc-v87j-747x: Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-38.0.3 are vulnerable to a number of security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221101.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-39hc-v87j-747x

EPSS Score

CWE

Published

11/2/2022

Updated

1/8/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
cryptography	pip	>= 37.0.0, < 38.0.3	38.0.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

py**/*rypto*r*p*y's w***ls in*lu** * st*ti**lly link** *opy o* Op*nSSL. T** v*rsions o* Op*nSSL in*lu*** in *rypto*r*p*y **.*.*-**.*.* *r* vuln*r**l* to * num**r o* s**urity issu*s. Mor* **t*ils **out t** vuln*r**iliti*s t**ms*lv*s **n ** *oun* in *t

Reasoning

No *n*lysis *v*il**l*

N/A

Basic Information

Concerned about an active attack path?

GHSA-39hc-v87j-747x: Vulnerable OpenSSL included in cryptography wheels

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI