CVE-2022-31162

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31162
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31162.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31162
Aliases
Withdrawn
2024-05-15T05:32:08.804659Z
Published
2022-07-22T04:15:14Z
Modified
2023-11-29T09:45:32.272348Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive information in application logs. As a workaround, do not print/output requests and responses for OAuth and client configurations in logs.

References

Affected packages

Git / github.com/abdolence/slack-morphism-rust

Affected ranges

Type
GIT
Repo
https://github.com/abdolence/slack-morphism-rust
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.10.0
v0.11.0
v0.12.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.30.0
v0.31.0
v0.32.0
v0.33.0
v0.34.0
v0.35.0
v0.36.0
v0.37.0
v0.38.0
v0.39.0
v0.4.0
v0.40.0
v0.5.0
v0.5.5
v0.6.0
v0.6.1
v0.7.0
v0.7.3
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.9.0