Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36824?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36824?format=api", "vulnerability_id": "VCID-x7d6-ubu1-6kb8", "summary": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified \"long-running and unresolved compliance issues.\"", "aliases": [ { "alias": "CVE-2024-39689" }, { "alias": "PYSEC-2024-230" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41807?format=api", "purl": "pkg:pypi/certifi@2024.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2024.7.4" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30216?format=api", "purl": "pkg:pypi/certifi@2021.5.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m6sk-yvkx-qkgq" }, { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2021.5.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/30217?format=api", "purl": "pkg:pypi/certifi@2021.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m6sk-yvkx-qkgq" }, { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2021.10.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/30218?format=api", "purl": "pkg:pypi/certifi@2022.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m6sk-yvkx-qkgq" }, { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2022.5.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/30219?format=api", "purl": "pkg:pypi/certifi@2022.5.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m6sk-yvkx-qkgq" }, { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2022.5.18.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30220?format=api", "purl": "pkg:pypi/certifi@2022.6.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m6sk-yvkx-qkgq" }, { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2022.6.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/30221?format=api", "purl": "pkg:pypi/certifi@2022.6.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m6sk-yvkx-qkgq" }, { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2022.6.15.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30222?format=api", "purl": "pkg:pypi/certifi@2022.6.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m6sk-yvkx-qkgq" }, { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2022.6.15.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/30223?format=api", "purl": "pkg:pypi/certifi@2022.9.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m6sk-yvkx-qkgq" }, { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2022.9.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/30224?format=api", "purl": "pkg:pypi/certifi@2022.9.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m6sk-yvkx-qkgq" }, { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2022.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/30225?format=api", "purl": "pkg:pypi/certifi@2022.12.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2022.12.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/35095?format=api", "purl": "pkg:pypi/certifi@2023.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-smen-j1gp-hfh8" }, { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2023.5.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/35096?format=api", "purl": "pkg:pypi/certifi@2023.7.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2023.7.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/41804?format=api", "purl": "pkg:pypi/certifi@2023.11.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2023.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/41805?format=api", "purl": "pkg:pypi/certifi@2024.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2024.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/41806?format=api", "purl": "pkg:pypi/certifi@2024.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-x7d6-ubu1-6kb8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/certifi@2024.6.2" } ], "references": [ { "reference_url": "https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463" }, { "reference_url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc" }, { "reference_url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241206-0001/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://security.netapp.com/advisory/ntap-20241206-0001/" } ], "weaknesses": [], "exploits": [], "severity_range_score": "7.5 - 7.5", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7d6-ubu1-6kb8" }