Python输入验证错误漏洞(CVE-2023-24329) Dragonfish-

truenas scale Python输入验证错误漏洞(CVE-2023-24329)“Python input validation vulnerability”,how to resolve it,how to update python 3.11.2 to new version in truenas scale 24.04?

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Where is TN SCALE in scope for CVE-2023-24329? I’ve checked and can’t see anything of the sort, but you are welcome to take a look for yourself.

You file a bug ticket (assuming the devs aren’t already aware of the issue, which they likely are if it truly applies), and wait for the next release. TrueNAS is an appliance OS; you cannot update components of it piecemeal. As it’s been for 15+ years.

Don’t have the first clue what that says, but it doesn’t change the answer in the least.