GHSA-63rq-p8fp-524q – sopel-modules-weather
Package
Manager: pip
Name: sopel-modules-weather
Vulnerable Version: =0.0.1 || =0.0.2 || =0.0.3 || =0.0.4 || =0.0.5 || =0.0.6 || =0.0.7 || =1.0.0 || =1.0.1 || =1.0.2 || =1.1.0 || =1.2.0 || =1.2.1 || =1.2.2 || >=0 <1.2.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Potential API key leak
If a user is actively blackholing the location or weather APIs, or those APIs become otherwise unavailable, it is possible for the API keys to get leaked to the active IRC channel. This is patched in v1.2.4.
Metadata
Created: 2021-04-13T15:12:06Z
Modified: 2024-12-02T05:43:06.118388Z
Source: https://osv-vulnerabilities
CWE IDs: ["CWE-200"]
Alternative ID: N/A
Finding: F038
Auto approve: 1