What Changed
Authomize Data Connector updated the Python requests library dependency from 2.31.0 to 2.32.4, addressing CVE-2024-47081.
Security Impact (Visibility & Fidelity)
CVE-2024-47081 is a credential leakage vulnerability in requests: a maliciously crafted URL, processed in a trusted environment, could retrieve credentials for the wrong hostname from netrc files. Deployments running the Authomize connector with a vulnerable requests version (≤2.32.3) were susceptible to credential misdelivery attacks if netrc authentication was configured.
Affected Files
Solutions/Authomize/Data Connectors/requirements.txt
(packaging artefacts: AuthomizeSentinelConnector.zip)
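To confirm that a deployed copy of the connector carries the fixed dependency, the following added example (not part of the connector or of requests) audits a requirements.txt for requests entries that pin or admit a version at or below 2.32.3. The function name, verdict labels and sample file contents are assumptions constructed for illustration.

```python
import re

FIXED = (2, 32, 4)  # requests release that addresses CVE-2024-47081, per the text above

# Constructed sample inputs (not the connector's real requirements.txt).
SAMPLE_OLD = "# constructed sample\nazure-functions\nrequests==2.31.0\n"
SAMPLE_NEW = "azure-functions\nrequests==2.32.4  # pinned\n"

# Match the 'requests' distribution only (not e.g. requests-oauthlib), allow
# extras such as requests[socks], and capture the version specifier up to any
# environment marker (;) or trailing comment (#).
_REQ = re.compile(r"^\s*requests(?![\w.-])(?:\[[^\]]*\])?\s*(?P<spec>[^;#]*)", re.I)


def _ver(text):
    """Turn '2.32.4' into (2, 32, 4), padding missing components with 0."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def audit_requirements(text):
    """Return (line_number, specifier, verdict) for every requests entry.

    verdict: 'vulnerable' = exact pin below the fixed release
             'ok'         = exact pin or lower bound at/above the fixed release
             'review'     = unpinned, or a range that can resolve to <= 2.32.3
    """
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = _REQ.match(line)
        if not match:
            continue
        spec = match.group("spec").strip()
        pin = re.fullmatch(r"(==|>=)\s*([\d.]+)", spec)
        if pin and _ver(pin.group(2)) >= FIXED:
            verdict = "ok"
        elif pin and pin.group(1) == "==":
            verdict = "vulnerable"
        else:
            verdict = "review"
        findings.append((number, spec, verdict))
    return findings


if __name__ == "__main__":
    for name, sample in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(name, audit_requirements(sample))
```

Run it against the requirements.txt extracted from the deployed package as well as the one in the repository, since the two can drift. Where an upgrade cannot be rolled out immediately, setting `trust_env = False` on the requests `Session` disables netrc lookup (along with other environment-derived settings such as proxies).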