Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-3w3h-7xgx-grwc: Leakage Aliyun KeySecret

Impact

Users of this library will be affected when using this library, the incoming secret will be disclosed unintentionally

Patches

This have already been solved.

Workarounds

No, It cannot be patched without upgrading

References

No

For more information

If you have any questions or comments about this advisory:

ghsa

Package

cargo aliyun-oss-client (Rust)

Affected versions

< 0.8.1

Description

Impact

Users of this library will be affected when using this library, the incoming secret will be disclosed unintentionally

Patches

This have already been solved.

Workarounds

No, It cannot be patched without upgrading

References

No

For more information

If you have any questions or comments about this advisory:

  • Email us at email address

References

  • GHSA-3w3h-7xgx-grwc
  • tu6ge/oss-rs@e4553f7

Severity

CVSS base metrics

User interaction

Required

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Weaknesses

GHSA ID

GHSA-3w3h-7xgx-grwc

Source code

Related news

CVE-2022-39397: fix(auth): Prevent secret exposure · tu6ge/oss-rs@e4553f7

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.

ghsa: Latest News

GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager