Information Exposure Affecting slack-morphism package, versions <0.41.0
Snyk CVSS
- Attack Complexity: Low
Threat Intelligence
- EPSS: 0.13% (49th percentile)
- Snyk ID SNYK-RUST-SLACKMORPHISM-2953400
- published 20 Jul 2022
- disclosed 20 Jul 2022
- credit Unknown
How to fix?
Upgrade slack-morphism to version 0.41.0 or higher.
Overview
Affected versions of this package are vulnerable to Information Exposure of the OAuth client information in application debug logs.
Workarounds
If the user can't upgrade to the fixed version, it is recommended not to print requests and responses for OAuth and client configurations in logs.
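The class of leak described above, as an added example that is not slack-morphism's code: a derived Debug implementation prints secret fields verbatim, while a wrapper type with a redacting Debug keeps them out of log lines. The types Redacted, LeakyOAuthRequest and OAuthRequest, the function debug_line, and the choice of which fields are sensitive are all hypothetical.

```rust
use std::fmt;

/// Hypothetical wrapper (not a slack-morphism type): holds a secret but
/// never prints it through `{:?}`.
pub struct Redacted(String);

impl Redacted {
    pub fn new(v: &str) -> Self { Redacted(v.to_string()) }
    /// Explicit accessor, so every use of the raw value is easy to audit.
    pub fn expose(&self) -> &str { &self.0 }
}

impl fmt::Debug for Redacted {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("<redacted>")
    }
}

/// Before: derived Debug prints every field verbatim.
#[derive(Debug)]
pub struct LeakyOAuthRequest {
    pub client_id: String,
    pub client_secret: String,
    pub code: String,
}

/// After: secret-bearing fields are wrapped, so derived Debug is safe.
/// Which fields count as sensitive is an assumption of this example.
#[derive(Debug)]
pub struct OAuthRequest {
    pub client_id: String,
    pub client_secret: Redacted,
    pub code: Redacted,
}

/// Stand-in for a debug log statement that formats a whole request.
pub fn debug_line<T: fmt::Debug>(req: &T) -> String {
    format!("DEBUG sending OAuth request: {:?}", req)
}

fn main() {
    // Constructed sample values, not real credentials.
    let leaky = LeakyOAuthRequest { client_id: "id-123".into(), client_secret: "s3cr3t-constructed".into(), code: "code-constructed".into() };
    let safe = OAuthRequest { client_id: "id-123".into(), client_secret: Redacted::new("s3cr3t-constructed"), code: Redacted::new("code-constructed") };
    println!("{}\n{}", debug_line(&leaky), debug_line(&safe));
}
```

Searching existing debug logs for known client secret values is a quick way to check whether a deployment has already written them out.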