RUSTSEC-2022-0062

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2022-0062

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0062.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2022-0062

Aliases

GHSA-fc4h-xcf3-qj5f

Published

2022-10-24T12:00:00Z

Modified

2023-11-08T04:18:56.332015Z

Summary

matrix-sdk 0.6.0 logs access tokens

Details

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber (in a way that includes fields of tracing spans such as tracing_subscribers default text output from the fmt module), these logs will contain the user's access token.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / matrix-sdk

Package

Name: matrix-sdk; View open source insights on deps.dev
Purl: pkg:cargo/matrix-sdk

Affected ranges

Type: SEMVER
Events: Introduced

0.6.0

Fixed

0.6.2

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": []
}