You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Getting the following issue when using alpine 3.20.1: Vulnerability Overview
CVE: CVE-2024-39689
Vulnerable Library: certifi-2023.7.22-py3-none-any.whl
Python Package: Certifi, used for providing Mozilla's CA Bundle.
Publish Date: July 5, 2024
CVSS 3.0 Base Score: 7.5 (High)
Vulnerability Description :
Certifi is a widely used library that provides a curated collection of Root Certificates to validate the trustworthiness of SSL certificates and verify the identity of TLS hosts. The affected version, certifi-2023.7.22-py3-none-any.whl, includes root certificates from GLOBALTRUST, which are now recognized as untrustworthy due to "long-running and unresolved compliance issues." These certificates are in the process of being removed from Mozilla's trust store. The newer version, certifi-2024.07.04, has removed these problematic root certificates.
Is there a plan to fix VA?
The text was updated successfully, but these errors were encountered:
Getting the following issue when using alpine 3.20.1:
Vulnerability Overview
CVE: CVE-2024-39689
Vulnerable Library: certifi-2023.7.22-py3-none-any.whl
Python Package: Certifi, used for providing Mozilla's CA Bundle.
Publish Date: July 5, 2024
CVSS 3.0 Base Score: 7.5 (High)
Vulnerability Description :
Certifi is a widely used library that provides a curated collection of Root Certificates to validate the trustworthiness of SSL certificates and verify the identity of TLS hosts. The affected version, certifi-2023.7.22-py3-none-any.whl, includes root certificates from GLOBALTRUST, which are now recognized as untrustworthy due to "long-running and unresolved compliance issues." These certificates are in the process of being removed from Mozilla's trust store. The newer version, certifi-2024.07.04, has removed these problematic root certificates.
Is there a plan to fix VA?
The text was updated successfully, but these errors were encountered: