Skip to content

Certifi removes GLOBALTRUST root certificate

Low severity GitHub Reviewed Published Jul 4, 2024 in certifi/python-certifi • Updated Jul 8, 2024

Package

pip certifi (pip)

Affected versions

>= 2021.05.30, < 2024.07.04

Patched versions

2024.07.04

Description

Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store.

GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found here.

References

@alex alex published to certifi/python-certifi Jul 4, 2024
Published by the National Vulnerability Database Jul 5, 2024
Published to the GitHub Advisory Database Jul 5, 2024
Reviewed Jul 5, 2024
Last updated Jul 8, 2024

Severity

Low

EPSS score

0.045%
(17th percentile)

Weaknesses

CVE ID

CVE-2024-39689

GHSA ID

GHSA-248v-346w-9cwc

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.