CVE-2024-39689
HIGH 7.5 | EPSS 26.3% | Certifi removes GLOBALTRUST root certificate
Published: 2024/7/5 | Modified: 2026/2/4
Description
Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store. GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues". Conclusions of Mozilla's investigation can be found [here](https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI).
Affected packages (3)
- Debian/python-certifi from 0
- PyPI/certifi >= 2021.5.30, < 2024.7.4
- PyPI/certifi from 0, < bd8153872e9c6fc98f4023df9c2deaffea2fa463, < bd8153872e9c6fc98f4023df9c2deaffea2fa463 | >= 2021.5.30, < 2024.7.4
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References (9)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-39689
- ADVISORY https://security.netapp.com/advisory/ntap-20241206-0001/
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2024-39689
- PATCH https://github.com/certifi/python-certifi
- WEB https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
- WEB https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2024-230.yaml
- WEB https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI
- WEB https://security.netapp.com/advisory/ntap-20241206-0001