Information Exposure Affecting slack-morphism package, versions <0.41.0


0.0
medium

Snyk CVSS

    Attack Complexity Low
Expand this section
NVD
7.5 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-RUST-SLACKMORPHISM-2953400
  • published 20 Jul 2022
  • disclosed 20 Jul 2022
  • credit Unknown

How to fix?

Upgrade slack-morphism to version 0.41.0 or higher.

Overview

Affected versions of this package are vulnerable to Information Exposure of the OAuth client information in application debug logs.

Workarounds

If the user can't upgrade to the fixed version, it is recommended to not print output in logs request and responses for OAuth and client configurations.

References