Affected versions of this package are vulnerable to Information Exposure. Attackers can expose the contents of a file or blob when client-side encryption is in use.
NOTE: The vendor advises that client-side encryption is a very uncommon use case.
Remediation
Upgrade com.azure:azure-storage-blob to version 12.18.0 or higher.
Overview
com.azure:azure-storage-blob is a Microsoft Azure client library for Blob Storage
Affected versions of this package are vulnerable to Information Exposure. Attackers can expose the contents of a file or blob when client-side encryption is in use.
NOTE: The vendor advises that client-side encryption is a very uncommon use case.
Remediation
Upgrade
com.azure:azure-storage-blobto version 12.18.0 or higher.References