Add slack-morphism CVE-2022-31162 (#1556)

2026-01-02 09:36:40 +01:00 · 2023-02-02 22:43:19 +11:00
parent 6d67664d5c
commit f134e7d43f
1 changed files with 17 additions and 0 deletions
--- a/crates/slack-morphism/RUSTSEC-0000-0000.md
+++ b/crates/slack-morphism/RUSTSEC-0000-0000.md
@@ -0,0 +1,17 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "slack-morphism"
+date = "2022-07-22"
+url = "https://github.com/abdolence/slack-morphism-rust/pull/133"
+aliases = ["CVE-2022-31162", "GHSA-99j7-mhfh-w84p"]
+cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+
+[versions]
+patched = [">= 0.41.0"]
+```
+# Slack OAuth Secrets leak in debug logs
+
+Debug log formatting made it possible to leak OAuth secrets into debug logs.
+
+The patched version has introduced more strict checks to avoid this.