CVE-2024-37891 (urllib3 Python Library) & CVE-2024-39689 (certifi Python Library)

SoftNAS was flagged for CVE-2024-37891 and CVE-2024-39689.

Currently, the only way to address these CVEs is to access the CLI and issue the following commands:

Python 3.11

python3 -m pip install --upgrade urllib3 certifi


Verify that no broken requirements are present by issuing the following command:

pip check

 

Python 3.6

/usr/libexec/platform-python -m pip install --upgrade urllib3 botocore

botocore must also be upgraded to avoid a dependency issue.


Verify that no broken requirements are present by issuing the following command:

 

If urllib3 is not upgraded for both Python 3.11 and Python 3.6, the SoftNAS instance will continue to be flagged for the vulnerability.
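To confirm that both interpreters picked up the upgrade, the following added example (not SoftNAS code) asks each interpreter which urllib3 and certifi versions it imports and compares them to the first fixed releases. The version floors are assumptions taken from the upstream advisories, not from this article, and the function names are hypothetical.

```python
import re
import subprocess

# Interpreters named in the article: Python 3.11 and the Python 3.6 platform interpreter.
INTERPRETERS = ["python3", "/usr/libexec/platform-python"]

# Assumption: first fixed releases per the upstream advisories (not stated in the article).
URLLIB3_FIXED = {1: (1, 26, 19), 2: (2, 2, 2)}  # CVE-2024-37891, one floor per release line
CERTIFI_FIXED = (2024, 7, 4)                     # CVE-2024-39689

def parse(version):
    """'1.26.19' -> (1, 26, 19); '2024.07.04' -> (2024, 7, 4); suffixes such as 'rc1' are dropped."""
    pieces = (version.strip().split(".") + ["0", "0"])[:3]
    return tuple(int(re.match(r"\d*", p).group() or 0) for p in pieces)

def is_fixed(package, version):
    v = parse(version)
    if package == "certifi":
        # Conservative: anything older than the fixed release is reported.
        return v >= CERTIFI_FIXED
    if package == "urllib3":
        # Python 3.6 stays on the 1.26.x line, so each line is checked against its own floor.
        return v >= URLLIB3_FIXED[v[0]] if v[0] in URLLIB3_FIXED else v[0] > 2
    raise ValueError(f"no fixed version known for {package}")

def installed_version(interpreter, package):
    """Version the given interpreter imports, or None if interpreter or package is missing."""
    code = f"import {package}; print({package}.__version__)"
    try:
        run = subprocess.run([interpreter, "-c", code],
                             capture_output=True, text=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return run.stdout.strip() if run.returncode == 0 else None

def audit(interpreters=INTERPRETERS):
    rows = []
    for interp in interpreters:
        for pkg in ("urllib3", "certifi"):
            ver = installed_version(interp, pkg)
            status = ("not found" if ver is None
                      else "fixed" if is_fixed(pkg, ver) else "VULNERABLE")
            rows.append((interp, pkg, ver, status))
    return rows

if __name__ == "__main__":
    for row in audit():
        print("{:32} {:8} {!s:12} {}".format(*row))
```

Run it with python3 on the instance; any row marked VULNERABLE means that interpreter still needs the upgrade command shown above.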