VulnerableCode Vulnerability Details - VCID-zgw3-pac5-8ff4

Search for vulnerabilities

Vulnerability details: VCID-zgw3-pac5-8ff4

Essentials
Severities (9)
References (8)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-zgw3-pac5-8ff4
Aliases	GHSA-jm77-qphf-c4w8 GMS-2023-1898
Summary	pyca/cryptography's wheels include vulnerable OpenSSL pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt, https://www.openssl.org/news/secadv/20230719.txt, and https://www.openssl.org/news/secadv/20230714.txt. If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-jm77-qphf-c4w8
generic_textual	LOW	https://github.com/pyca/cryptography
generic_textual	LOW	https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d
generic_textual	LOW	https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2
cvssv3.1_qr	LOW	https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8
generic_textual	LOW	https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8
generic_textual	LOW	https://www.openssl.org/news/secadv/20230714.txt
generic_textual	LOW	https://www.openssl.org/news/secadv/20230719.txt
generic_textual	LOW	https://www.openssl.org/news/secadv/20230731.txt

Reference id	Reference type	URL
		https://github.com/pyca/cryptography
		https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d
		https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2
		https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8
		https://www.openssl.org/news/secadv/20230714.txt
		https://www.openssl.org/news/secadv/20230719.txt
		https://www.openssl.org/news/secadv/20230731.txt
GHSA-jm77-qphf-c4w8		https://github.com/advisories/GHSA-jm77-qphf-c4w8

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:43:22.637558+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-jm77-qphf-c4w8/GHSA-jm77-qphf-c4w8.json	37.0.0