What Changed
Bumped urllib3 dependency from 2.5.0 to 2.6.0 in the ESET Protect Platform Function App connector to address security vulnerabilities.
Security Impact (Visibility & Fidelity)
CVE relevance verified — urllib3 2.6.0 addresses two high-severity (8.9 CVSS) vulnerabilities:
- CVE-2025-66471: Decompression bomb vulnerability where the streaming API could improperly handle highly compressed HTTP content, leading to excessive resource consumption.
- CVE-2025-66418: DoS vulnerability where attackers could compose HTTP responses with unlimited Content-Encoding links, exhausting system resources during decoding.
These vulnerabilities could be exploited against the ESET connector when processing API responses from ESET Protect Platform, potentially causing connector failures or resource exhaustion that would disrupt security telemetry ingestion.
Affected Files
Solutions/ESET Protect Platform/Data Connectors/requirements.txt
(packaging artefacts: FunctionAppESETProtectPlatform.zip)
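
A reviewer can confirm that a requirements file can no longer resolve to a urllib3 release older than 2.6.0 with a check like the one below. It is an added example, not code from this PR or the connector; the function names and the sample file content are constructed, and version parsing is simplified to the first three numeric components.

```python
import re

FIXED = (2, 6, 0)  # urllib3 release this PR bumps to for both CVEs

# Constructed sample requirements.txt content (not the connector's real file).
SAMPLE = """\
# constructed sample
requests==2.32.3
urllib3==2.5.0
azure-functions
"""

_SPEC = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*([0-9][0-9A-Za-z.*+!-]*)")
_NAME = re.compile(r"(?i)urllib3(?![\w.-])(\[[^\]]*\])?\s*(.*)$")

def _ver(text):
    """'2.6.0' -> (2, 6, 0); short versions are zero-padded, suffixes ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("+")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def audit_urllib3(requirements_text):
    """Return (line_no, requirement, verdict) for every urllib3 line."""
    findings = []
    for no, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments/markers
        m = _NAME.match(line)
        if not m:
            continue
        specs = _SPEC.findall(m.group(2))
        if not specs:
            verdict = "unpinned: resolver may pick any version"
        elif any(op in ("==", "===") and "*" not in v and _ver(v) < FIXED
                 for op, v in specs):
            verdict = "vulnerable pin below 2.6.0"
        elif any(op in (">=", ">", "==", "===", "~=") and _ver(v) >= FIXED
                 for op, v in specs):
            verdict = "ok"
        else:
            verdict = "range admits versions below 2.6.0"
        findings.append((no, line, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_urllib3(SAMPLE):
        print(finding)
```

Run the same function over the requirements.txt inside the rebuilt zip as well, since a stale package would still deploy the old pin.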