What Changed
Dependency update bumps Python requests library from 2.31.0 to 2.32.4 in the Fortinet FortiNDR Cloud connector.
Security Impact (Visibility & Fidelity)
CVE-2024-47081: Fixed critical vulnerability where maliciously crafted URLs could retrieve credentials for the wrong hostname from netrc files. This affects any deployment using this connector with netrc authentication — compromised credentials could be sent to unintended hosts, creating a data exfiltration risk.
Additional fixes include SSL context handling improvements and Python compatibility updates that may have affected connector stability.
Affected Files
Solutions/Fortinet FortiNDR Cloud/Data Connectors/requirements.txt
(packaging artefacts: 3.0.2.zip and extensive solution metadata files)
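A check for the requirements file listed above, as an added example (not part of this change or of the connector's code): it scans requirements.txt content for requests entries that still allow a release below 2.32.4. The sample file contents, the audit function and its status labels are constructed for illustration.

```python
import re

# First requests release carrying the CVE-2024-47081 fix, per the page.
FIXED = (2, 32, 4)

# Constructed sample input, not the connector's actual requirements.txt.
SAMPLE = """\
azure-functions
requests==2.31.0
requests-oauthlib==1.3.1   # different package, must be ignored
Requests[socks] >= 2.32.4 ; python_version >= "3.8"
requests
"""

_LINE = re.compile(r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)$")
_FLOOR = re.compile(r"(==|>=|~=)\s*(\d+(?:\.\d+)*)")


def _version(text):
    """Turn '2.32' into (2, 32, 0) so tuples compare release numbers."""
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(requirements_text):
    """Return (line_number, requirement, status) for every requests entry.

    'below-fix': a release before FIXED can be installed
    'ok':        the lowest allowed release is FIXED or later
    'no-floor':  no ==, >= or ~= bound; check the resolved version by hand
    """
    findings = []
    for number, raw in enumerate(requirements_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        match = _LINE.match(line)
        if not match or match.group(1).lower() != "requests":
            continue
        spec = match.group(2).split(";", 1)[0]  # drop environment markers
        floors = [_version(v) for _, v in _FLOOR.findall(spec)]
        status = "no-floor" if not floors else (
            "below-fix" if max(floors) < FIXED else "ok")
        findings.append((number, line, status))
    return findings


if __name__ == "__main__":
    for number, line, status in audit(SAMPLE):
        print(f"line {number}: {line!r} -> {status}")
```

A 'no-floor' or 'below-fix' result only describes what the file permits; the version actually installed in a deployed environment still has to be confirmed there.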