CVE-2024-39689

Name
CVE-2024-39689
Description
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."
NVD Severity
unknown

References

| Type | URI |
|---|---|
| CONFIRM | https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc |
| MISC | https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463 |
| MISC | https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241206-0001/ |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | python-certifi | >= 2021.05.30 | < 2024.07.04 |
| cpe:2.3:a:certifi:certifi:\*:\*:\*:\*:\*:python:\*:\* | py3-certifi | >= 2021.5.30 | < 2024.7.4 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| py3-certifi | 3.20-main | 2024.2.2-r1 | Dmitry Romanenko <dmitry@romanenko.in> | possibly vulnerable |
| py3-certifi | 3.19-main | 2024.2.2-r0 | Dmitry Romanenko <dmitry@romanenko.in> | possibly vulnerable |