GHSA-248v-346w-9cwc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-248v-346w-9cwc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-248v-346w-9cwc/GHSA-248v-346w-9cwc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-248v-346w-9cwc
- Aliases
- Related
- Published
- 2024-07-05T20:06:40Z
- Modified
- 2024-12-06T18:33:09.144686Z
- Summary
- Certifi removes GLOBALTRUST root certificate
- Details
-
Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store.
GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found here.
- Database specific
{ "nvd_published_at": "2024-07-05T19:15:10Z", "cwe_ids": [ "CWE-345" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-07-05T20:06:40Z" }- References
-
- https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
- https://nvd.nist.gov/vuln/detail/CVE-2024-39689
- https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
- https://github.com/certifi/python-certifi
- https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
- https://security.netapp.com/advisory/ntap-20241206-0001
Affected packages
PyPI / certifi
Package
- Name
- certifi
- View open source insights on deps.dev
- Purl
- pkg:pypi/certifi