5 matches found
Authentication Bypass
botframework-connector is vulnerable to authentication bypass. The vulnerability exists as Skill claims found in the jwt token is not validated against the SkillValidation.isSkillClaim method...
Improper Authentication
Overview In affected versions of botframework-connector, a maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Recommendation Upgrade to fi...
botbuilder-adapters-slack (=4.10.0), botbuilder-ai (=4.10.0) +7 more potentially affected by CVE-2021-1725 via botframework-connector (=4.10.0)
botframework-connector PYPI version =4.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on botframework-connector and may be impacted: - botbuilder-adapters-slack =4.10.0 - botbuilder-ai =4.10.0 - botbuilder-applicationinsights =4.10.0 -...
GHSA-FVCJ-HVFW-7F2V botframework-connector vulnerable to Improper Authentication
Impact A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Patches The problem has been patched in all affected versions. Please see the...
botbuilder-adapters-slack (=4.10.0), botbuilder-ai (=4.10.0) +7 more potentially affected by CVE-2021-1725 via botframework-connector (=4.10.0)
botframework-connector PYPI version =4.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on botframework-connector and may be impacted: - botbuilder-adapters-slack =4.10.0 - botbuilder-ai =4.10.0 - botbuilder-applicationinsights =4.10.0 -...