Lucene search
+L

5 matches found

Node.js
Node.js
added 2021/03/08 3:57 p.m.41 views

Improper Authentication

Overview In affected versions of botframework-connector, a maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. Recommendation Upgrade to fi...

2.1CVSS5.4AI score0.01057EPSS
Exploits0Affected Software1
NVD
NVD
added 2021/01/12 8:15 p.m.30 views

CVE-2021-1725

Bot Framework SDK Information Disclosure Vulnerability...

5.5CVSS5.5AI score0.01057EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2021/01/12 8:15 p.m.6 views

botbuilder-adapters-slack (=4.10.0), botbuilder-ai (=4.10.0) +7 more potentially affected by CVE-2021-1725 via botframework-connector (=4.10.0)

botframework-connector PYPI version =4.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on botframework-connector and may be impacted: - botbuilder-adapters-slack =4.10.0 - botbuilder-ai =4.10.0 - botbuilder-applicationinsights =4.10.0 -...

5.5CVSS6AI score0.01057EPSS
Exploits0
Cvelist
Cvelist
added 2021/01/12 7:42 p.m.38 views

CVE-2021-1725 Bot Framework SDK Information Disclosure Vulnerability

...

5.5CVSS6AI score0.01057EPSS
Exploits0References1
CVE
CVE
added 2021/01/12 7:42 p.m.123 views

CVE-2021-1725

CVE-2021-1725 corresponds to a Bot Framework SDK Information Disclosure vulnerability. Connected sources show the issue in the Bot Framework’s botframework-connector component, where a malicious claim could be incorrectly authenticated when bots are not configured as a Skill. The root cause invol...

5.5CVSS5.1AI score0.01057EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder