<p>Upgrade <code>slack-morphism</code> to version 1.3.2 or higher.</p>

Information Exposure Affecting slack-morphism package, versions <1.3.2

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 0.13% (48^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUST-SLACKMORPHISM-3042409
published 11 Oct 2022
disclosed 11 Oct 2022
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 11 Oct 2022

CVE-2022-39292 Open this link in a new tab CWE-1258 Open this link in a new tab

How to fix?

Upgrade slack-morphism to version 1.3.2 or higher.

Overview

Affected versions of this package are vulnerable to Information Exposure via the SlackClientHyperConnector function in hyper_tokio/connector.rs, which exposes webhook URLs in debug logs.

References

GitHub Commit
GitHub Release