Low severityNVD Advisory· Published Jul 5, 2024· Updated Feb 14, 2025
Certifi removes GLOBALTRUST root certificate
CVE-2024-39689
Description
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates from GLOBALTRUST from the root store. These are in the process of being removed from Mozilla's trust store. GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
certifiPyPI | >= 2021.5.30, < 2024.7.4 | 2024.7.4 |
Affected products
193- osv-coords192 versionspkg:apk/chainguard/airflowpkg:apk/chainguard/airflow-bitnami-compatpkg:apk/chainguard/airflow-compatpkg:apk/chainguard/azpkg:apk/chainguard/az-iamguarded-compatpkg:apk/chainguard/barmanpkg:apk/chainguard/barman-cloudnative-pgpkg:apk/chainguard/checkovpkg:apk/chainguard/confluent-docker-utilspkg:apk/chainguard/dask-gatewaypkg:apk/chainguard/dask-gateway-serverpkg:apk/chainguard/datadog-agentpkg:apk/chainguard/datadog-agent-core-integrationspkg:apk/chainguard/datadog-agent-fakeintakepkg:apk/chainguard/datadog-agent-jmxpkg:apk/chainguard/datadog-agent-oci-compatpkg:apk/chainguard/datadog-agent-s6-overlaypkg:apk/chainguard/datadog-cluster-agentpkg:apk/chainguard/datadog-cluster-agent-oci-compatpkg:apk/chainguard/dogstatsdpkg:apk/chainguard/jwt-toolpkg:apk/chainguard/k8s-sidecarpkg:apk/chainguard/k8s-sidecar-1.22pkg:apk/chainguard/katib-cert-generatorpkg:apk/chainguard/katib-cert-generator-compatpkg:apk/chainguard/katib-controllerpkg:apk/chainguard/katib-controller-compatpkg:apk/chainguard/katib-db-managerpkg:apk/chainguard/katib-db-manager-compatpkg:apk/chainguard/katib-earlystoppingpkg:apk/chainguard/katib-file-metricscollectorpkg:apk/chainguard/katib-file-metricscollector-compatpkg:apk/chainguard/katib-suggestion-goptunapkg:apk/chainguard/katib-suggestion-goptuna-compatpkg:apk/chainguard/katib-suggestion-hyperbandpkg:apk/chainguard/katib-suggestion-hyperoptpkg:apk/chainguard/katib-suggestion-nas-dartspkg:apk/chainguard/katib-suggestion-nas-enaspkg:apk/chainguard/katib-suggestion-optuna-enaspkg:apk/chainguard/katib-suggestion-pbt-enaspkg:apk/chainguard/katib-suggestion-skopt-enaspkg:apk/chainguard/katib-tfevent-metricscollectorpkg:apk/chainguard/kubeflow-jupyter-web-apppkg:apk/chainguard/kubeflow-katibpkg:apk/chainguard/kubeflow-pipelinespkg:apk/chainguard/kubeflow-pipelines-apiserverpkg:apk/chainguard/kubeflow-pipelines-cache-deployerpkg:apk/chainguard/kubeflow-pipelines-cache-deployer-compatpkg:apk/chainguard/kubeflow-pipelines-cache_serverpkg:apk/chainguard/kubeflow-pipelines-frontendpkg:apk/chainguard/kubeflow-pipelines-metadata-envoy-configpkg:apk/chainguard/kubeflow-pipelines-metadata-writerpkg:apk/chainguard/kubeflow-pipelines-metadata-writer-compatpkg:apk/chainguard/kubeflow-pipelines-persistence_agentpkg:apk/chainguard/kubeflow-pipelines-scheduledworkflowpkg:apk/chainguard/kubeflow-pipelines-viewer-crd-controllerpkg:apk/chainguard/kubeflow-pipelines-visualization-serverpkg:apk/chainguard/kubeflow-volumes-web-apppkg:apk/chainguard/mlflowpkg:apk/chainguard/mlflow-bitnamipkg:apk/chainguard/mlflow-iamguarded-compatpkg:apk/chainguard/nvidia-nsight-compute-13.1pkg:apk/chainguard/patronipkg:apk/chainguard/py3.10-certifipkg:apk/chainguard/py3.10-pipenvpkg:apk/chainguard/py3.10-pipenv-binpkg:apk/chainguard/py3.10-pytorch-cuda-11.8pkg:apk/chainguard/py3.10-pytorch-cuda-12.3pkg:apk/chainguard/py3.10-torchvision-cuda-11.8pkg:apk/chainguard/py3.10-torchvision-cuda-12.3pkg:apk/chainguard/py3.10-wheels-torch-cuda-11.8pkg:apk/chainguard/py3.10-wheels-torch-cuda-12.3pkg:apk/chainguard/py3.10-wheels-torchvision-cuda-11.8pkg:apk/chainguard/py3.10-wheels-torchvision-cuda-12.3pkg:apk/chainguard/py3.11-certifipkg:apk/chainguard/py3.11-pipenvpkg:apk/chainguard/py3.11-pipenv-binpkg:apk/chainguard/py3.11-pytorch-cuda-12.3pkg:apk/chainguard/py3.11-torchaudio-cuda-12.3pkg:apk/chainguard/py3.11-torchvision-cuda-11.8pkg:apk/chainguard/py3.11-torchvision-cuda-12.3pkg:apk/chainguard/py3.11-wheels-torchaudio-cuda-12.3pkg:apk/chainguard/py3.11-wheels-torch-cuda-12.3pkg:apk/chainguard/py3.11-wheels-torchvision-cuda-11.8pkg:apk/chainguard/py3.11-wheels-torchvision-cuda-12.3pkg:apk/chainguard/py3.12-certifipkg:apk/chainguard/py3.12-pipenvpkg:apk/chainguard/py3.12-pipenv-binpkg:apk/chainguard/py3.12-pytorch-cuda-11.8pkg:apk/chainguard/py3.12-pytorch-cuda-12.3pkg:apk/chainguard/py3.12-torchvision-cuda-12.3pkg:apk/chainguard/py3.12-wheels-torch-cuda-11.8pkg:apk/chainguard/py3.12-wheels-torch-cuda-12.3pkg:apk/chainguard/py3.12-wheels-torchvision-cuda-11.8pkg:apk/chainguard/py3.12-wheels-torchvision-cuda-12.3pkg:apk/chainguard/py3.13-pipenvpkg:apk/chainguard/py3.13-pipenv-binpkg:apk/chainguard/py3-cassandra-medusapkg:apk/chainguard/py3-cassandra-medusa-compatpkg:apk/chainguard/py3-certifipkg:apk/chainguard/py3-pipenvpkg:apk/chainguard/py3-supported-pipenvpkg:apk/chainguard/reflexpkg:apk/chainguard/request-1276pkg:apk/chainguard/request-1276-compatpkg:apk/chainguard/supersetpkg:apk/chainguard/superset-cipkg:apk/chainguard/superset-entrypointpkg:apk/chainguard/superset-iamguarded-compatpkg:apk/wolfi/airflowpkg:apk/wolfi/airflow-bitnami-compatpkg:apk/wolfi/airflow-compatpkg:apk/wolfi/azpkg:apk/wolfi/az-iamguarded-compatpkg:apk/wolfi/checkovpkg:apk/wolfi/confluent-docker-utilspkg:apk/wolfi/dask-gatewaypkg:apk/wolfi/dask-gateway-serverpkg:apk/wolfi/datadog-agentpkg:apk/wolfi/datadog-agent-core-integrationspkg:apk/wolfi/datadog-agent-fakeintakepkg:apk/wolfi/datadog-agent-jmxpkg:apk/wolfi/datadog-agent-oci-compatpkg:apk/wolfi/datadog-agent-s6-overlaypkg:apk/wolfi/datadog-cluster-agentpkg:apk/wolfi/datadog-cluster-agent-oci-compatpkg:apk/wolfi/dogstatsdpkg:apk/wolfi/jwt-toolpkg:apk/wolfi/k8s-sidecarpkg:apk/wolfi/katib-cert-generatorpkg:apk/wolfi/katib-cert-generator-compatpkg:apk/wolfi/katib-controllerpkg:apk/wolfi/katib-controller-compatpkg:apk/wolfi/katib-db-managerpkg:apk/wolfi/katib-db-manager-compatpkg:apk/wolfi/katib-earlystoppingpkg:apk/wolfi/katib-file-metricscollectorpkg:apk/wolfi/katib-file-metricscollector-compatpkg:apk/wolfi/katib-suggestion-goptunapkg:apk/wolfi/katib-suggestion-goptuna-compatpkg:apk/wolfi/katib-suggestion-hyperbandpkg:apk/wolfi/katib-suggestion-hyperoptpkg:apk/wolfi/katib-suggestion-nas-dartspkg:apk/wolfi/katib-suggestion-nas-enaspkg:apk/wolfi/katib-suggestion-optuna-enaspkg:apk/wolfi/katib-suggestion-pbt-enaspkg:apk/wolfi/katib-suggestion-skopt-enaspkg:apk/wolfi/katib-tfevent-metricscollectorpkg:apk/wolfi/kubeflow-jupyter-web-apppkg:apk/wolfi/kubeflow-katibpkg:apk/wolfi/kubeflow-pipelinespkg:apk/wolfi/kubeflow-pipelines-apiserverpkg:apk/wolfi/kubeflow-pipelines-cache-deployerpkg:apk/wolfi/kubeflow-pipelines-cache-deployer-compatpkg:apk/wolfi/kubeflow-pipelines-cache_serverpkg:apk/wolfi/kubeflow-pipelines-frontendpkg:apk/wolfi/kubeflow-pipelines-metadata-envoy-configpkg:apk/wolfi/kubeflow-pipelines-metadata-writerpkg:apk/wolfi/kubeflow-pipelines-metadata-writer-compatpkg:apk/wolfi/kubeflow-pipelines-persistence_agentpkg:apk/wolfi/kubeflow-pipelines-scheduledworkflowpkg:apk/wolfi/kubeflow-pipelines-viewer-crd-controllerpkg:apk/wolfi/kubeflow-pipelines-visualization-serverpkg:apk/wolfi/kubeflow-volumes-web-apppkg:apk/wolfi/mlflowpkg:apk/wolfi/mlflow-bitnamipkg:apk/wolfi/mlflow-iamguarded-compatpkg:apk/wolfi/patronipkg:apk/wolfi/py3.10-certifipkg:apk/wolfi/py3.10-pipenvpkg:apk/wolfi/py3.10-pipenv-binpkg:apk/wolfi/py3.11-certifipkg:apk/wolfi/py3.11-pipenvpkg:apk/wolfi/py3.11-pipenv-binpkg:apk/wolfi/py3.12-certifipkg:apk/wolfi/py3.12-pipenvpkg:apk/wolfi/py3.12-pipenv-binpkg:apk/wolfi/py3.13-pipenvpkg:apk/wolfi/py3.13-pipenv-binpkg:apk/wolfi/py3-cassandra-medusapkg:apk/wolfi/py3-cassandra-medusa-compatpkg:apk/wolfi/py3-certifipkg:apk/wolfi/py3-pipenvpkg:apk/wolfi/py3-supported-pipenvpkg:apk/wolfi/reflexpkg:apk/wolfi/supersetpkg:apk/wolfi/superset-cipkg:apk/wolfi/superset-entrypointpkg:apk/wolfi/superset-iamguarded-compatpkg:pypi/certifipkg:rpm/opensuse/oci-cli&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-certifi&distro=openSUSE%20Tumbleweed
< 2.9.2-r2+ 191 more
- (no CPE)range: < 2.9.2-r2
- (no CPE)range: < 2.9.2-r2
- (no CPE)range: < 2.9.2-r2
- (no CPE)range: < 2.61.0-r2
- (no CPE)range: < 2.61.0-r2
- (no CPE)range: < 3.10.1-r2
- (no CPE)range: < 3.10.1-r2
- (no CPE)range: < 3.0.34-r1
- (no CPE)range: < 0.0.82-r1
- (no CPE)range: < 2024.1.0-r8
- (no CPE)range: < 2024.1.0-r8
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 2.2.7-r1
- (no CPE)range: < 1.27.4-r2
- (no CPE)range: < 1.22.4-r2
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 1.8.0-r10
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.3.0-r1
- (no CPE)range: < 1.8.0-r8
- (no CPE)range: < 2.14.2-r0
- (no CPE)range: < 2.14.2-r0
- (no CPE)range: < 2.14.2-r0
- (no CPE)range: < 2025.4.1.2-r1
- (no CPE)range: < 3.3.2-r0
- (no CPE)range: < 2024.07.04-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2.3.1-r2
- (no CPE)range: < 2.3.1-r2
- (no CPE)range: < 0.18.1-r3
- (no CPE)range: < 0.18.1-r4
- (no CPE)range: < 2.3.1-r2
- (no CPE)range: < 2.3.1-r2
- (no CPE)range: < 0.18.1-r3
- (no CPE)range: < 0.18.1-r4
- (no CPE)range: < 2024.07.04-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2.3.1-r6
- (no CPE)range: < 2.3.1-r1
- (no CPE)range: < 0.18.1-r3
- (no CPE)range: < 0.18.1-r5
- (no CPE)range: < 2.3.1-r1
- (no CPE)range: < 2.3.1-r6
- (no CPE)range: < 0.18.1-r3
- (no CPE)range: < 0.18.1-r5
- (no CPE)range: < 2024.07.04-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2.3.1-r1
- (no CPE)range: < 2.3.1-r1
- (no CPE)range: < 0.18.1-r2
- (no CPE)range: < 2.3.1-r1
- (no CPE)range: < 2.3.1-r1
- (no CPE)range: < 0.18.1-r2
- (no CPE)range: < 0.18.1-r2
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 0.23.0-r30
- (no CPE)range: < 0.23.0-r30
- (no CPE)range: < 2024.07.04-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 0.5.6-r0
- (no CPE)range: < 0.23.0-r0
- (no CPE)range: < 0.23.0-r0
- (no CPE)range: < 4.0.2-r1
- (no CPE)range: < 4.0.2-r1
- (no CPE)range: < 4.0.2-r1
- (no CPE)range: < 4.0.2-r1
- (no CPE)range: < 2.9.2-r2
- (no CPE)range: < 2.9.2-r2
- (no CPE)range: < 2.9.2-r2
- (no CPE)range: < 2.61.0-r2
- (no CPE)range: < 2.61.0-r2
- (no CPE)range: < 3.0.34-r1
- (no CPE)range: < 0.0.82-r1
- (no CPE)range: < 2024.1.0-r8
- (no CPE)range: < 2024.1.0-r8
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 7.55.2-r0
- (no CPE)range: < 2.2.7-r1
- (no CPE)range: < 1.27.4-r2
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 1.8.0-r10
- (no CPE)range: < 0.18.0-r0
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.2.0-r6
- (no CPE)range: < 2.3.0-r1
- (no CPE)range: < 1.8.0-r8
- (no CPE)range: < 2.14.2-r0
- (no CPE)range: < 2.14.2-r0
- (no CPE)range: < 2.14.2-r0
- (no CPE)range: < 3.3.2-r0
- (no CPE)range: < 2024.07.04-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.07.04-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.07.04-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 0.23.0-r30
- (no CPE)range: < 0.23.0-r30
- (no CPE)range: < 2024.07.04-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 2024.4.1-r0
- (no CPE)range: < 0.5.6-r0
- (no CPE)range: < 4.0.2-r1
- (no CPE)range: < 4.0.2-r1
- (no CPE)range: < 4.0.2-r1
- (no CPE)range: < 4.0.2-r1
- (no CPE)range: >= 2021.5.30, < 2024.7.4
- (no CPE)range: < 3.54.1-1.1
- (no CPE)range: < 2024.7.4-1.1
- certifi/python-certifiv5Range: >= 2021.5.30, < 2024.7.4
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-248v-346w-9cwcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-39689ghsaADVISORY
- github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463ghsax_refsource_MISCWEB
- github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwcghsax_refsource_CONFIRMWEB
- github.com/pypa/advisory-database/tree/main/vulns/certifi/PYSEC-2024-230.yamlghsaWEB
- groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dIghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20241206-0001ghsaWEB
News mentions
0No linked articles in our index yet.