CVE-2021-1725: Exposure of Sensitive Information to an Unauthorized Actor

March 8, 2021

Bot Framework SDK Information Disclosure Vulnerability

References

aka.ms/SkillClaimsValidationJavascript
github.com/advisories/GHSA-fvcj-hvfw-7f2v
github.com/microsoft/botbuilder-js/security/advisories/GHSA-fvcj-hvfw-7f2v
www.npmjs.com/package/botframework-connector

Detect and mitigate CVE-2021-1725 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →