GHSA-248v-346w-9cwc

Suggest an improvement
Source
https://github.com/advisories/GHSA-248v-346w-9cwc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-248v-346w-9cwc/GHSA-248v-346w-9cwc.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-248v-346w-9cwc
Aliases
Related
Published
2024-07-05T20:06:40Z
Modified
2024-12-06T18:31:21.963298Z
Summary
Certifi removes GLOBALTRUST root certificate
Details

Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store.

GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found here.

Database specific
{
    "nvd_published_at": "2024-07-05T19:15:10Z",
    "cwe_ids": [
        "CWE-345"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-05T20:06:40Z"
}
References

Affected packages

PyPI / certifi

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2021.05.30
Fixed
2024.07.04

Affected versions

2021.*

2021.5.30
2021.10.8

2022.*

2022.5.18
2022.5.18.1
2022.6.15
2022.6.15.1
2022.6.15.2
2022.9.14
2022.9.24
2022.12.7

2023.*

2023.5.7
2023.7.22
2023.11.17

2024.*

2024.2.2
2024.6.2