5 matches found
Improper Authentication
Overview In affected versions of botframework-connector, a maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Recommendation Upgrade to fi...
CVE-2021-1725
Bot Framework SDK Information Disclosure Vulnerability...
botbuilder-adapters-slack (=4.10.0), botbuilder-ai (=4.10.0) +7 more potentially affected by CVE-2021-1725 via botframework-connector (=4.10.0)
botframework-connector PYPI version =4.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on botframework-connector and may be impacted: - botbuilder-adapters-slack =4.10.0 - botbuilder-ai =4.10.0 - botbuilder-applicationinsights =4.10.0 -...
CVE-2021-1725 Bot Framework SDK Information Disclosure Vulnerability
...
CVE-2021-1725
CVE-2021-1725 corresponds to a Bot Framework SDK Information Disclosure vulnerability. Connected sources show the issue in the Bot Framework’s botframework-connector component, where a malicious claim could be incorrectly authenticated when bots are not configured as a Skill. The root cause invol...