api-management-developer-portal

Version Disclosure (Lodash)

Open Harmanpreet-96 opened this issue 1 year ago • 11 comments

Bug description

Security scan identified a version disclosure (Lodash) in the target web server's HTTP response. This information can help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Lodash.

Impact: An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

Reproduction steps

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior

Configure your web server to prevent information leakage.

Is your portal managed or self-hosted?

Managed

Release tag or commit SHA (if using self-hosted version)

[e.g., release 2.0.0, commit c45da9778b70d369aba60fa2e63c191efe2b548f]

API Management service name

enterprise-apim-dev

Environment

  • Operating system: [e.g., iOS]
  • Browser: [e.g., Google Chrome, Safari]
  • Version: [e.g., 22]

Additional context

Add any other context about the problem here, including screenshots.

Harmanpreet-96, Jul 31 '23 11:07
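To confirm a finding like the one reported above, and to re-check after a fix, a team can scan the JavaScript it serves for Lodash version markers. The following is an added example, not code from the issue or from the portal project. It assumes the version shows up as a license banner or a `VERSION` property; the issue does not say which string the scanner matched, and the function name and sample bundles are hypothetical.

```python
import re

# Assumed markers: the issue does not say which string the scanner matched.
# Older Lodash builds carry the version in the license banner; 4.x builds
# expose it through the VERSION property.
BANNER = re.compile(r"lo-?dash\s+v?(\d+\.\d+\.\d+)", re.IGNORECASE)
VERSION_PROP = re.compile(r"\bVERSION\s*=\s*[\"'](\d+\.\d+\.\d+)[\"']")


def find_lodash_versions(body):
    """Return sorted (line_number, marker, version) tuples found in body."""
    findings = set()
    mentions_lodash = re.search(r"lo-?dash", body, re.IGNORECASE) is not None
    for line_no, line in enumerate(body.splitlines(), start=1):
        for match in BANNER.finditer(line):
            findings.add((line_no, "banner", match.group(1)))
        # A bare VERSION constant is only attributed to Lodash when the
        # bundle mentions Lodash somewhere, to limit false positives.
        if mentions_lodash:
            for match in VERSION_PROP.finditer(line):
                findings.add((line_no, "VERSION", match.group(1)))
    return sorted(findings)


# Constructed sample inputs (not taken from the portal's real bundle).
LEAKY_BUNDLE = """\
/** @license lodash 3.10.1 (Custom Build) lodash.com/license */
;(function(){var n,t={};t.VERSION="3.10.1";window._=t}).call(this);
"""
CLEAN_BUNDLE = """\
/** @license Third-party notices: see LICENSES.txt */
;(function(){var n,t={};window._=t}).call(this);
"""

if __name__ == "__main__":
    for name, body in (("leaky", LEAKY_BUNDLE), ("clean", CLEAN_BUNDLE)):
        print(name, find_lodash_versions(body))
```

Run against the built bundle files in a release pipeline, an empty result means neither assumed marker is present.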