CVE-2024-37891 (urllib3 Python Library) & CVE-2024-39689 (certifi Python Library)

SoftNAS was flagged for CVE-2024-37891 and CVE-2024-39689.

Currently, the only way to address these CVEs is to access the CLI and issue the following commands:

Python 3.11

python3 -m pip install --upgrade urllib3 certifi


Verify that no broken requirements are present by issuing the following command:

pip check

 

Python 3.6

/usr/libexec/platform-python -m pip install --upgrade urllib3 botocore

botocore must also be upgraded to avoid a dependency issue.


Verify that no broken requirements are present by issuing the following command:

 

If the user does not upgrade urllib3 for both Python 3.11 and Python 3.6, the vulnerability will continue to be flagged for the SoftNAS instance.
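To confirm the upgrade took effect on both interpreters, the following added example (not SoftNAS tooling) compares the versions pip reports against the fixed releases named in the upstream advisories. The thresholds (urllib3 1.26.19 / 2.2.2, certifi 2024.7.4) and all function names are assumptions not stated in this article.

```shell
#!/bin/sh
# Added example: post-upgrade check for both interpreters named in this article.
# Fixed-release thresholds come from the upstream advisories (assumption: not on this page).

# ver_ge A B: succeed when dotted version A >= B, comparing the first three
# fields numerically (so 2024.07.04 equals 2024.7.4 and 1.26.9 < 1.26.19).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# CVE-2024-37891: fixed in urllib3 1.26.19 (1.x line) and 2.2.2 (2.x line).
urllib3_fixed() {
    case $1 in
        1.*) ver_ge "$1" 1.26.19 ;;
        *)   ver_ge "$1" 2.2.2 ;;
    esac
}

# CVE-2024-39689: fixed in certifi 2024.7.4.
certifi_fixed() { ver_ge "$1" 2024.7.4; }

# installed_version INTERPRETER PACKAGE: version pip reports, empty if absent.
installed_version() {
    "$1" -m pip show "$2" 2>/dev/null | awk '/^Version:/ { print $2 }'
}

# audit INTERPRETER...: one status line per package; returns 1 if any is unfixed.
audit() {
    rc=0
    for py in "$@"; do
        command -v "$py" >/dev/null 2>&1 || { echo "$py: not found, skipped"; continue; }
        for pkg in urllib3 certifi; do
            v=$(installed_version "$py" "$pkg")
            if [ -z "$v" ]; then echo "$py: $pkg not installed"
            elif "${pkg}_fixed" "$v"; then echo "$py: $pkg $v fixed"
            else echo "$py: $pkg $v still vulnerable"; rc=1
            fi
        done
    done
    return "$rc"
}

audit python3 /usr/libexec/platform-python || echo "Upgrade still required on at least one interpreter."
```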
