17 matches found
Malicious code in botframework-wechat (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-47616 Malicious code in botframework-wechat (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41537 Malicious code in botframework-webchat-cldr-data (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in botframework-webchat-cldr-data (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-16006 Malicious code in botframework-webchat-base (npm)
The package botframework-webchat-base was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
Malicious code in botframework-webchat-base (npm)
The package botframework-webchat-base was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-16008 Malicious code in botframework-webchat-styles (npm)
The package botframework-webchat-styles was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
Malicious code in botframework-webchat-styles (npm)
The package botframework-webchat-styles was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-16007 Malicious code in botframework-webchat-react-valibot (npm)
The package botframework-webchat-react-valibot was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
Malicious code in botframework-webchat-react-valibot (npm)
The package botframework-webchat-react-valibot was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
Malicious code in botframework-webchat-cldr-data-downloader (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 069cec738fcd016cead066052e66581ac130f721c6454d3079b1d054381031e8 Any computer that has this package installed or running...
MAL-2024-9217 Malicious code in botframework-webchat-cldr-data-downloader (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 069cec738fcd016cead066052e66581ac130f721c6454d3079b1d054381031e8 Any computer that has this package installed or running...
Authentication Bypass
botframework-connector is vulnerable to authentication bypass. The vulnerability exists as Skill claims found in the jwt token is not validated against the SkillValidation.isSkillClaim method...
Improper Authentication
Overview In affected versions of botframework-connector, a maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Recommendation Upgrade to fi...
botbuilder-adapters-slack (=4.10.0), botbuilder-ai (=4.10.0) +7 more potentially affected by CVE-2021-1725 via botframework-connector (=4.10.0)
botframework-connector PYPI version =4.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on botframework-connector and may be impacted: - botbuilder-adapters-slack =4.10.0 - botbuilder-ai =4.10.0 - botbuilder-applicationinsights =4.10.0 -...
GHSA-FVCJ-HVFW-7F2V botframework-connector vulnerable to Improper Authentication
Impact A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Patches The problem has been patched in all affected versions. Please see the...
botbuilder-adapters-slack (=4.10.0), botbuilder-ai (=4.10.0) +7 more potentially affected by CVE-2021-1725 via botframework-connector (=4.10.0)
botframework-connector PYPI version =4.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on botframework-connector and may be impacted: - botbuilder-adapters-slack =4.10.0 - botbuilder-ai =4.10.0 - botbuilder-applicationinsights =4.10.0 -...