Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability (GHSA-m5vv-6r4h-3vj9)
- Severity:
- Medium
Description
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.
Recommendation
Update the @azure/identity package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.2.1
- Patched version(s): 4.2.1
References
Related Issues
- tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled envir - CVE-2024-49364
- @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtrac - CVE-2025-25290
- @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Back - CVE-2025-25288
- @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtrack - CVE-2025-25289
- Tags:
- npm
- @azure/identity
Anything's wrong? Let us know Last updated on July 22, 2025