certifi 2016.2.28 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the certifi package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Improper Following of a Certificate's Chain of Trust Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust. E-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here. Note: This issue is not an inherent vulnerability in the package, but a security measure against potential harmful effects of trusting the now-revoked root certificates. How to fix Improper Following of a Certificate's Chain of Trust? Upgrade `certifi` to version 2023.7.22 or higher.	[2015.04.28,2023.7.22)
M Insufficient Verification of Data Authenticity Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity resulting in Certifi root certificate removal from TrustCor. The root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. How to fix Insufficient Verification of Data Authenticity? Upgrade `certifi` to version 2022.12.7 or higher.	[,2022.12.7)
M Improper Certificate Validation `certifi` is a Python package for providing Mozilla's CA Bundle. Affected versions of this package are vulnerable to Improper Certificate Validation due to not rejecting the deprecated 1024-bit certificates, and only giving a warning.	[,2017.4.17)

Vulnerability

Vulnerable Version

Improper Following of a Certificate's Chain of Trust

Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust. E-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here.

Note:

This issue is not an inherent vulnerability in the package, but a security measure against potential harmful effects of trusting the now-revoked root certificates.

How to fix Improper Following of a Certificate's Chain of Trust?

Upgrade certifi to version 2023.7.22 or higher.

[2015.04.28,2023.7.22)

Insufficient Verification of Data Authenticity

Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity resulting in Certifi root certificate removal from TrustCor. The root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware.

How to fix Insufficient Verification of Data Authenticity?

Upgrade certifi to version 2022.12.7 or higher.

[,2022.12.7)

Improper Certificate Validation

certifi is a Python package for providing Mozilla's CA Bundle.

Affected versions of this package are vulnerable to Improper Certificate Validation due to not rejecting the deprecated 1024-bit certificates, and only giving a warning.

[,2017.4.17)

certifi@2016.2.28 vulnerabilities

Python package for providing Mozilla's CA Bundle.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically