GHSA-537c-gmf6-5ccf
ADVISORY - githubSummary
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in wheels prior to cryptograph 48.01 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20260609.txt.
If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
GitHub
CVSS SCORE
7.5highChainguard
CREATED
UPDATED
ADVISORY ID
CGA-48f2-3qh9-f9x4
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-7f5j-2984-f4xx
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-7h8j-cq9x-3p4w
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-9jv8-649m-w74c
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-f6ff-4m75-9cqg
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-mg8w-8jj8-c8vc
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-mx8p-6mw9-mrqv
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-pjrv-cp7j-4pmm
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-rp43-45f7-44h3
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-