HistoryEditJSON (OSV)

RUSTSEC-2022-0062

matrix-sdk 0.6.0 logs access tokens

Reported
Issued
Package
matrix-sdk (crates.io)
Type
Vulnerability
Aliases
References
Patched
  • >=0.6.2
Unaffected
  • <0.6.0

Description

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber (in a way that includes fields of tracing spans such as tracing_subscribers default text output from the fmt module), these logs will contain the user's access token.

Advisory available under CC0-1.0 license.