botframework-connector@4.9.0 vulnerabilities
Bot Connector is autorest generated connector client.
-
latest version
4.23.1
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
2 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the botframework-connector package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
botframework-connector is a Bot Connector is autorest generated connector client. Affected versions of this package are vulnerable to Improper Authentication. A maliciously crafted claim may be incorrectly authenticated by the bot. Impacts bots that are not configured to be used as a Skill. This vulnerability requires an attacker to have internal knowledge of the bot. How to fix Improper Authentication? Upgrade |
>=4.10.0 <4.10.3
>=4.9.0 <4.9.4
>=4.8.0 <4.8.1
>=4.7.0 <4.7.3
|