Information Exposure Affecting azure-storage-blob package, versions [,12.13.0)


0.0
medium
  • Attack Complexity

    High

  • Confidentiality

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-PYTHON-AZURESTORAGEBLOB-2949173

  • published

    13 Jul 2022

  • disclosed

    13 Jul 2022

  • credit

    Sophie Schmieg

How to fix?

Upgrade azure-storage-blob to version 12.13.0 or higher.

Overview

azure-storage-blob is a Microsoft Azure Blob Storage Client Library for Python

Affected versions of this package are vulnerable to Information Exposure. Attackers can expose the contents of a file or blob when client-side encryption is in use.

NOTE: The vendor advises that client-side encryption is a very uncommon use case.

References