CVE-2024-39689

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-39689

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39689.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-39689

Aliases

GHSA-248v-346w-9cwc

Related

Published

2024-07-05T19:15:10Z

Modified

2024-10-19T16:47:38.662189Z

Summary

[none]

Details

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from GLOBALTRUST. Certifi 2024.07.04 removes root certificates from GLOBALTRUST from the root store. These are in the process of being removed from Mozilla's trust store. GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."

References

Affected packages

Debian:11 / python-certifi

Package

Name: python-certifi
Purl: pkg:deb/debian/python-certifi?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2020.*

2020.6.20-1

2022.*

2022.6.15-2

2022.9.24-1

2023.*

2023.7.22-1

2023.11.17-1

2024.*

2024.6.2-1

2024.8.30-1

2024.8.30+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / python-certifi

Package

Name: python-certifi
Purl: pkg:deb/debian/python-certifi?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2022.*

2022.9.24-1

2023.*

2023.7.22-1

2023.11.17-1

2024.*

2024.6.2-1

2024.8.30-1

2024.8.30+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / python-certifi

Package

Name: python-certifi
Purl: pkg:deb/debian/python-certifi?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2024.8.30-1

Affected versions

2022.*

2022.9.24-1

2023.*

2023.7.22-1

2023.11.17-1

2024.*

2024.6.2-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/certifi/python-certifi

Affected ranges

Type: GIT
Repo: https://github.com/certifi/python-certifi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bd8153872e9c6fc98f4023df9c2deaffea2fa463

Affected versions

2015.*

2015.04.28

2015.09.06

2015.09.06.1

2015.09.06.2

2015.11.20

2015.11.20.1

2016.*

2016.02.28

2016.08.02

2016.08.08

2016.08.31

2016.09.26

2017.*

2017.01.23

2017.04.17

2017.07.27

2017.07.27.1

2017.11.05

2018.*

2018.01.18

2018.04.16

2018.08.13

2018.08.24

2018.10.15

2018.11.29

2019.*

2019.03.09

2019.06.16

2019.09.11

2019.11.28

2020.*

2020.04.05

2020.04.05.1

2020.04.05.2

2020.06.20

2020.11.08

2020.12.05

2021.*

2021.05.30

2021.10.08

2022.*

2022.05.18

2022.05.18.1

2022.06.15

2022.06.15.1

2022.06.15.2

2022.09.14

2022.09.24

2022.12.07

2023.*

2023.05.07

2023.07.22

2023.11.17

2024.*

2024.02.02

2024.06.02

v1.*

v1.0.0

v1.0.1