```toml
[advisory]
id = "RUSTSEC-2022-0089"
package = "aliyun-oss-client"
date = "2022-11-19"
url = "https://github.com/advisories/GHSA-3w3h-7xgx-grwc"
categories = ["crypto-failure"]
aliases = ["CVE-2022-39397", "GHSA-3w3h-7xgx-grwc"]
cvss = "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"

[versions]
patched = [">= 0.8.1"]
```

# `aliyun-oss-client` secret exposure

The `aliyun-oss-client` unintentionally divulges the authentication secret.

This bug was fixed in [this](https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29) commit by limiting the concerned traits to be `pub` only within the crate.