2024.12.14
12 years ago
4 days ago
Known vulnerabilities in the certifi package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to the presence of the root certificate for GLOBALTRUST in the root store. The root certificates are being removed pursuant to an investigation into non-compliance. How to fix Insufficient Verification of Data Authenticity? Upgrade | [2021.5.30,2024.7.4) |
Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust. E-Tugra's root certificates are being removed pursuant to an investigation prompted by reporting of security issues in their systems. Conclusions of Mozilla's investigation can be found here. Note: This issue is not an inherent vulnerability in the package, but a security measure against potential harmful effects of trusting the now-revoked root certificates. How to fix Improper Following of a Certificate's Chain of Trust? Upgrade | [2015.04.28,2023.7.22) |
Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity resulting in Certifi root certificate removal from TrustCor. The root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. How to fix Insufficient Verification of Data Authenticity? Upgrade | [,2022.12.7) |