Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0yNDh2LTM0NnctOWN3Y84AA9m3

Certifi removes GLOBALTRUST root certificate

Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store.

GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found here.

Permalink: https://github.com/advisories/GHSA-248v-346w-9cwc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yNDh2LTM0NnctOWN3Y84AA9m3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 2 months ago
Updated: 2 months ago

Identifiers: GHSA-248v-346w-9cwc, CVE-2024-39689
References:

Repository: https://github.com/certifi/python-certifi
Blast Radius: 0.0

Affected Packages

pypi:certifi

Dependent packages: 3,902
Dependent repositories: 415,524
Downloads: 506,475,434 last month
Affected Version Ranges: >= 2021.05.30, < 2024.07.04
Fixed in: 2024.07.04
All affected versions: 2021.5.30, 2021.10.8, 2022.5.18, 2022.6.15, 2022.9.14, 2022.9.24, 2022.12.7, 2023.5.7, 2023.7.22, 2023.11.17, 2024.2.2, 2024.6.2
All unaffected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 1.0.0, 1.0.1, 14.5.14, 2015.4.28, 2015.9.6, 2015.11.20, 2016.2.28, 2016.8.2, 2016.8.8, 2016.8.31, 2016.9.26, 2017.1.23, 2017.4.17, 2017.7.27, 2017.11.5, 2018.1.18, 2018.4.16, 2018.8.13, 2018.8.24, 2018.10.15, 2018.11.29, 2019.3.9, 2019.6.16, 2019.9.11, 2019.11.28, 2020.4.5, 2020.6.20, 2020.11.8, 2020.12.5, 2024.7.4, 2024.8.30