Reported

October 10, 2022

Issued

February 2, 2023

Package

slack-morphism (crates.io)

Type

Vulnerability

Aliases

• CVE-2022-39292
• GHSA-4mjx-2gh5-ph8h

References

• https://github.com/abdolence/slack-morphism-rust/commit/65ef9fac4f39c4e171e2952a6cf029bb0d059a89

Patched

• >=1.3.2

Description

Debug log formatting made it possible to leak Webhooks secrets into debug logs.

The patched version has introduced more strict checks to avoid this.

Advisory available under CC0-1.0 license.