CVE-2022-39292

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39292

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39292.json

Aliases

Published

2022-10-10T15:15:09Z

Modified

2023-11-29T09:49:50.663111Z

Details

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slack webhooks may disable or filter debug logs.

References

Affected packages

Git / github.com/abdolence/slack-morphism-rust

Affected ranges

Type: GIT
Repo: https://github.com/abdolence/slack-morphism-rust
Events: Introduced

0The exact introduced commit is unknown

Last affected

c6b88bc66c20c0c66bde11c195f2c0937f46d380

Affected versions

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.20.0

v0.21.0

v0.22.0

v0.23.0

v0.24.0

v0.25.0

v0.26.0

v0.27.0

v0.28.0

v0.29.0

v0.30.0

v0.31.0

v0.32.0

v0.33.0

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.38.0

v0.39.0

v0.4.0

v0.40.0

v0.41.0

v0.5.0

v0.5.5

v0.6.0

v0.6.1

v0.7.0

v0.7.3

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.9.0

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.3.0