Lucene search
AnonymousNODEJS:1647HistoryMar 08, 2021 - 3:57 p.m.
Improper Authentication
2021-03-0815:57:38
Anonymous
www.npmjs.com
17
0.0004 Low
EPSS
Percentile
9.5%
Overview
In affected versions of botframework-connector, a maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot.
Recommendation
Upgrade to fix version 4.7.3, 4.8.1, 4.9.4, 4.10.3, or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| botframework-connector | ge | 4.7.0 < 4.7.3||=4.8.0||>=4.9.0 <4.9.4||>=4.10.0 <4.10.3 |
Related
osv
osv
botframework-connector vulnerable to Improper Authentication
2021-03-08 15:49:53
Improper Authentication
2021-03-08 15:50:10
PYSEC-2021-422
2021-01-12 20:15:00
github
github
botframework-connector vulnerable to Improper Authentication
2021-03-08 15:49:53
nvd
nvd
CVE-2021-1725
2021-01-12 20:15:35
cvelist
cvelist
CVE-2021-1725 Bot Framework SDK Information Disclosure Vulnerability
2021-01-12 19:42:47
veracode
veracode
Authentication Bypass
2021-03-09 01:06:03
cve
cve
CVE-2021-1725
2021-01-12 20:15:35
mscve
mscve
Bot Framework SDK Information Disclosure Vulnerability
2021-01-12 08:00:00
prion
prion
Information disclosure
2021-01-12 20:15:00
kaspersky
kaspersky
KLA12040 Multiple vulnerability in Microsoft Developer Tools
2021-01-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2021
2021-01-12 23:59:00