UNKNOWN PyPI
Certifi removes GLOBALTRUST root certificate
GHSA-248v-346w-9cwc · CVE-2024-39689 · PYSEC-2024-230
Published · Modified
Description
Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store.
GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found here.
References
- WEB https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-39689
- WEB https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
- PACKAGE https://github.com/certifi/python-certifi
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2024-230.yaml
- WEB https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
- WEB https://security.netapp.com/advisory/ntap-20241206-0001
Ready to move
Start Securing
Free, no credit card | First findings in minutes