
RUSTSEC-2022-0089

aliyun-oss-client secret exposure

Reported
Issued
Package: aliyun-oss-client (crates.io)
Type: Vulnerability
Categories
Aliases
Details: https://github.com/advisories/GHSA-3w3h-7xgx-grwc
CVSS Score: 5.6 MEDIUM
CVSS Details:
  Attack vector: Physical
  Attack complexity: Low
  Privileges required: High
  User interaction: Required
  Scope: Changed
  Confidentiality: High
  Integrity: Low
  Availability: None
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
Patched:
  • >=0.8.1

Description

The aliyun-oss-client unintentionally divulges the authentication secret.

This bug was fixed in this commit by limiting the concerned traits to be pub only within the crate.
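
The visibility change described above, sketched as an added example (not the crate's own code): each module stands in for the library crate and the free functions play a downstream crate. `Client`, `AuthFields`, `auth_tag` and the secret string are hypothetical names and constructed values.

```rust
// `before` and `after` each stand in for the library crate (assumption).
mod before {
    pub struct Client { secret: String }
    impl Client {
        pub fn new(secret: &str) -> Self { Client { secret: secret.to_string() } }
    }
    // Vulnerable shape: a `pub` trait on a public type is callable by anyone.
    pub trait AuthFields { fn secret(&self) -> &str; }
    impl AuthFields for Client {
        fn secret(&self) -> &str { &self.secret }
    }
}

mod after {
    use std::collections::hash_map::DefaultHasher;
    use std::hash::{Hash, Hasher};
    pub struct Client { secret: String }
    // Fixed shape: the trait is private here (`pub(crate)` in a real crate),
    // so only code inside the library can name or call it.
    trait AuthFields { fn secret(&self) -> &str; }
    impl AuthFields for Client {
        fn secret(&self) -> &str { &self.secret }
    }
    impl Client {
        pub fn new(secret: &str) -> Self { Client { secret: secret.to_string() } }
        // Only a value derived from the secret leaves the library.
        // DefaultHasher is a stand-in for a real MAC and is not secure.
        pub fn auth_tag(&self, request: &str) -> u64 {
            let mut h = DefaultHasher::new();
            (self.secret(), request).hash(&mut h);
            h.finish()
        }
    }
}

// Downstream code against `before`: the raw secret is one trait call away.
pub fn downstream_before(secret: &str) -> String {
    before::AuthFields::secret(&before::Client::new(secret)).to_string()
}

// Downstream code against `after`: naming `after::AuthFields` here is a
// compile error (private trait), so only the derived tag is reachable.
pub fn downstream_after(secret: &str) -> u64 {
    after::Client::new(secret).auth_tag("GET /constructed-bucket")
}

fn main() {
    println!("before: {}", downstream_before("constructed-secret"));
    println!("after:  {:#x}", downstream_after("constructed-secret"));
}
```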