OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
938076e0e0ef538cd44cd338e98b5dabc24fa1c2
advisory-db/crates/aliyun-oss-client/RUSTSEC-2022-0089.md
github-actions[bot] 8a1400e316 Assigned RUSTSEC-2022-0089 to aliyun-oss-client (#1590) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-02-07 23:07:40 +01:00

631 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2022-0089"
package = "aliyun-oss-client"
date = "2022-11-19"
url = "https://github.com/advisories/GHSA-3w3h-7xgx-grwc"
categories = ["crypto-failure"]
aliases = ["CVE-2022-39397", "GHSA-3w3h-7xgx-grwc"]
cvss = "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"

[versions]
patched = [">= 0.8.1"]

aliyun-oss-client secret exposure

The aliyun-oss-client unintentionally divulges the authentication secret.

This bug was fixed in this commit by limiting the concerned traits to be pub only within the crate.