VulnerableCode Vulnerability Details - VCID-4j5v-k162-tfgd

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-4j5v-k162-tfgd

Essentials
Severities (6)
References (5)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4j5v-k162-tfgd
Aliases	GHSA-5cpq-8wj7-hf2v GMS-2023-1778
Summary	Vulnerable OpenSSL included in cryptography wheels pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.5-40.0.2 is vulnerable to a security issue. More details about the vulnerability itself can be found in https://www.openssl.org/news/secadv/20230530.txt. If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	LOW	https://cryptography.io/en/latest/changelog/#v41-0-0
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
generic_textual	LOW	https://github.com/pyca/cryptography
generic_textual	LOW	https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22
cvssv3.1_qr	LOW	https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v
generic_textual	LOW	https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v

Reference id	Reference type	URL
		https://cryptography.io/en/latest/changelog/#v41-0-0
		https://github.com/pyca/cryptography
		https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22
GHSA-5cpq-8wj7-hf2v		https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
GHSA-5cpq-8wj7-hf2v		https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:51:21.156865+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/GMS-2023-1778.yml	38.0.0