django-user-tasks: urllib3 < 1.24.2

Description

CVE-2019-11324

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

edx/django-user-tasks may be affected.

Steps to Reproduce

None

Current Behavior

None

Expected Behavior

None

Reason for Variance

None

Release Notes

None

User Impact Summary

None

Assignee

Unassigned

Reporter

Troy Sankey

Labels

None

Reach

None

Impact

None

Platform Area

Platform & Infrastructure - Security

Customer

None

Partner Manager

None

URL

None

Contributor Name

None

Groups with Read-Only Access

None

Actual Points

None

Category of Work

None

Platform Map Area (Levels 1 & 2)

Developer Experiences - Platform Services

Platform Map Area (Levels 3 & 4)

Security Tools and Tracking

Story Points

1

Priority

Unset