What Changed
The WithSecure Elements Azure Function connector dependencies have been updated to requests 2.32.4, addressing CVE-2024-47081, a security vulnerability in netrc credential handling.
Security Impact (Visibility & Fidelity)
CVE-2024-47081 fixed a security issue where maliciously crafted URLs in trusted environments could retrieve credentials for the wrong hostname from netrc files. This represents a credential leakage vulnerability that could compromise authentication security in connector environments using netrc-based credential storage.
The update ensures proper hostname validation during credential lookup, preventing potential credential misuse in HTTP client operations.
Affected Files
Solutions/WithSecureElementsViaFunction/Data Connectors/requirements.txt
(also updated: GitHub connector API endpoint format, AWS S3 documentation, packaging artifacts)