HistoryEdit

RUSTSEC-2022-0062

matrix-sdk 0.6.0 logs access tokens
Reported
Issued
Package
matrix-sdk (crates.io)
Type
Vulnerability
Details
https://github.com/matrix-org/matrix-rust-sdk/issues/1110
Patched
  • >=0.6.2
Unaffected
  • <0.6.0

Description

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber (in a way that includes fields of tracing spans such as tracing_subscribers default text output from the fmt module), these logs will contain the user's access token.