CVE-2022-39397

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39397

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39397.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39397

Aliases

Published

2022-11-22T00:00:00Z

Modified

2025-10-22T18:30:26.654539Z

Severity

5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N CVSS Calculator

Summary

Exposure of sensitive information in aliyun-oss-client

Details

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Git / github.com/tu6ge/oss-rs

Affected ranges

Type: GIT
Repo: https://github.com/tu6ge/oss-rs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e4553f7d74fce682d802f8fb073943387796df29

Affected versions

0.*

0.1.0

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.3.0

0.3.1

0.4.0

0.4.1

0.4.2

0.4.3

0.4.4

0.5.0

0.6.0

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.7.6

0.8.0

dev-0.*

dev-0.2.0