CVE-2022-39397 aliyun-oss-client

Package

Manager: cargo
Name: aliyun-oss-client
Vulnerable Version: >=0 <0.8.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00074 (percentile 0.22971)

Details

Leak in Aliyun KeySecret

### Impact

Users of this library will be affected when using it; the incoming secret will be disclosed unintentionally.

### Patches

This has already been solved.

### Workarounds

No. It cannot be patched without upgrading.

### References

No

### For more information

If you have any questions or comments about this advisory:

* Email us at [email address](mailto:772364230@qq.com)

Metadata

Created: 2022-11-21T20:39:05Z
Modified: 2023-02-08T16:18:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-3w3h-7xgx-grwc/GHSA-3w3h-7xgx-grwc.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-3w3h-7xgx-grwc
Finding: F038
Auto approve: 1