Back to board Open MSRC
MSRC compact vulnerability detail

CVE-2021-1725 · Bot Framework SDK Information Disclosure Vulnerability

No description was published by MSRC.

Severity
Important
Impact
Information Disclosure
CVSS
5.5 base · 4.8 temporal
Release
2021-01-12
Signals
.NET Repository Information Disclosure Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely
CWE
No CWE data published.
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Old version New version
Description
No description was published by MSRC.
FAQ / Articles
FAQ
How do I know if I need to install the update? Customers using Bot Framework SDK with versions shown in the Security Update Applies To column in the following table affected by this vulnerability. SDK Unaffected Versions Prior To Security Update Applies To Unaffected Versions Greater Than .NET Framework 4.6.0 4.6.0 - 4.10.2 4.10.2 JavaScript 4.7.0 4.7.0 - 4.10.1 4.10.1 Python 4.7.0 4.7.0 - 4.10.0 4.10.0
FAQ
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.