PyPI: certifi
CVE-2024-39689
Safety vulnerability ID: SFTY-20240705-75966
Safety legacy ID: pyup.io-72083
Overview
Certifi removes GLOBALTRUST root certificate
Advisory
Affected versions of Certifi recognize root certificates from GLOBALTRUST. The Certifi patch removes these root certificates from the root store. The certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues", and they are also in the process of being removed from Mozilla's trust store.
How to Fix
Mitigation and Workarounds
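To confirm whether a given CA bundle still trusts these roots, the bundle's subjects can be searched for the name the advisory gives. The following is an added example, not code from the advisory or from the certifi project; the helper names and the sample subjects are constructed for illustration, and it assumes the roots are identifiable by "GLOBALTRUST" appearing in a subject field.

```python
import ssl
import sys

# Constructed sample in the shape returned by SSLContext.get_ca_certs();
# these subjects are illustrative, not copied from a real bundle.
CONSTRUCTED_SAMPLE = [
    {"subject": ((("countryName", "AT"),),
                 (("organizationName", "Constructed Org"),),
                 (("commonName", "GLOBALTRUST Test Root"),))},
    {"subject": ((("organizationName", "Other CA"),),
                 (("commonName", "Other Root"),))},
]

def subject_fields(cert):
    """Flatten the nested RDN tuples of a get_ca_certs() entry into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def find_roots(ca_certs, needle="GLOBALTRUST"):
    """Return (commonName, organizationName) for subjects mentioning needle."""
    hits = []
    for cert in ca_certs:
        fields = subject_fields(cert)
        if any(needle.lower() in str(v).lower() for v in fields.values()):
            hits.append((fields.get("commonName", ""),
                         fields.get("organizationName", "")))
    return hits

def scan_bundle(cafile, needle="GLOBALTRUST"):
    """Load a PEM bundle into an empty trust store and search its CA subjects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # no default roots loaded
    ctx.load_verify_locations(cafile=cafile)
    return find_roots(ctx.get_ca_certs(), needle)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        path = sys.argv[1]          # any PEM bundle, e.g. a vendored cacert.pem
    else:
        import certifi              # assumes certifi is installed
        path = certifi.where()
    matches = scan_bundle(path)
    for common_name, org in matches:
        print(f"still trusted in {path}: CN={common_name!r} O={org!r}")
    sys.exit(1 if matches else 0)   # non-zero exit lets CI fail on a stale bundle
```

Run it against every bundle an application can load, including copies of `cacert.pem` vendored inside other packages, since upgrading the top-level certifi install does not change those.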
---
References
- https://getsafety.com/vulnerabilities/SFTY-20240705-75966/CVE-2024-39689
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39689
- https://github.com/advisories/GHSA-248v-346w-9cwc
- https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
- https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
- https://nvd.nist.gov/vuln/detail/CVE-2024-39689
- https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
- https://security.netapp.com/advisory/ntap-20241206-0001
- https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2024-230.yaml
