
The Nutanix AHV Python SDKs are pinned to an old and vulnerable version of certifi, which introduces CVE-2024-39689 into integrations that leverage this.

I previously wrote up a very detailed post on this, but it was deleted with no explanation. If there is a better place to post this, please DM me and let me know.

 

Hi justin-t

Nutanix have a security disclosure program - https://portal.nutanix.com/page/security/security-contact. Whilst it’s in a 3rd-party tool, notifying via this method will probably get it to the right people quickly.

Kind regards

Mike