CVE-2024-37891 (urllib3 Python Library) & CVE-2024-39689 (certifi Python Library)
SoftNAS was flagged for CVE-2024-37891 and CVE-2024-39689.
Currently, the only way to address these CVEs is to access the CLI and issue the following commands:
Python 3.11
python3 -m pip install --upgrade urllib3 certifi
Verify that no broken requirements are present by issuing the following command:
pip check
Python 3.6
/usr/libexec/platform-python -m pip install --upgrade urllib3 botocore
botocore must also be upgraded to avoid a dependency issue.
Verify that no broken requirements are present by issuing the following command:
If the user does not upgrade urllib3 for both Python 3.11 and Python 3.6, the vulnerability will continue to be flagged for the SoftNAS instance.
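One way to confirm that both interpreters were actually upgraded, as an added example that is not part of the original article or SoftNAS tooling: it reports the urllib3, certifi and botocore versions each interpreter sees and runs pip check through that same interpreter. The function names and the optional URLLIB3_MIN variable are hypothetical; the page does not state a fixed version, so take the value from the upstream urllib3 advisory.

```shell
#!/bin/sh
# Added example: audit both interpreters named on this page after the upgrade.
INTERPRETERS="python3 /usr/libexec/platform-python"
PACKAGES="urllib3 certifi botocore"

# Print the version of package $2 as seen by interpreter $1, or
# "not-installed" / "no-interpreter" when it cannot be determined.
pkg_version() {
    command -v "$1" >/dev/null 2>&1 || { echo "no-interpreter"; return 0; }
    ver=$("$1" -m pip show "$2" 2>/dev/null |
          awk -F': ' '$1 == "Version" { print $2; exit }')
    echo "${ver:-not-installed}"
}

# Succeed when dotted version $1 is at least $2 (GNU sort -V ordering).
# Anything that is not a version (e.g. "not-installed") fails the check.
version_ge() {
    case "$1" in [0-9]*) ;; *) return 1 ;; esac
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Report every package for every interpreter; return non-zero if an
# interpreter fails "pip check" or urllib3 is below the optional
# URLLIB3_MIN (assumption: the caller sets it from the upstream advisory).
audit_all() {
    rc=0
    for py in $INTERPRETERS; do
        for pkg in $PACKAGES; do
            echo "$py $pkg $(pkg_version "$py" "$pkg")"
        done
        command -v "$py" >/dev/null 2>&1 || continue
        "$py" -m pip check >/dev/null 2>&1 ||
            { echo "$py: pip check reports broken requirements"; rc=1; }
        if [ -n "${URLLIB3_MIN:-}" ]; then
            cur=$(pkg_version "$py" urllib3)
            version_ge "$cur" "$URLLIB3_MIN" ||
                { echo "$py: urllib3 $cur is below $URLLIB3_MIN"; rc=1; }
        fi
    done
    return $rc
}

audit_all || echo "at least one interpreter still needs attention"
```

Running pip through each interpreter with -m makes it unambiguous which environment is being checked, which matters here because the scanner keeps flagging the instance until both copies of urllib3 are upgraded.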