In affected versions of botframework-connector, a maliciously crafted claim may be incorrectly authenticated by the bot. This impacts bots that are not configured to be used as a Skill. The vulnerability requires an attacker to have internal knowledge of the bot.
Upgrade to a fixed version: 4.7.3, 4.8.1, 4.9.4, 4.10.3, or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | botframework-connector | ge | 4.7.0 <4.7.3 \|\| =4.8.0 \|\| >=4.9.0 <4.9.4 \|\| >=4.10.0 <4.10.3 |