OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
7b510556ab9de3e495dfe86eab58cd8f4e38ee71
advisory-db/crates/slack-morphism/RUSTSEC-2022-0086.md
github-actions[bot] e572c789de Assigned RUSTSEC-2022-0086 to slack-morphism (#1562) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-02-02 22:43:48 +11:00

492 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2022-0086"
package = "slack-morphism"
date = "2022-07-22"
url = "https://github.com/abdolence/slack-morphism-rust/pull/133"
aliases = ["CVE-2022-31162", "GHSA-99j7-mhfh-w84p"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"

[versions]
patched = [">= 0.41.0"]

Slack OAuth Secrets leak in debug logs

Debug log formatting made it possible to leak OAuth secrets into debug logs.

The patched version has introduced more strict checks to avoid this.