Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs
Vulnerability Description
Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive information in application logs. As a workaround, do not print/output requests and responses for OAuth and client configurations in logs.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
CWE-1258
Vulnerability Title
Slack Morphism 安全漏洞
Vulnerability Description
Slack Morphism是Rust 的现代异步客户端库,支持 Slack Web / Events API/Socket Mode 和 Block Kit。 Slack Morphism 0.41.0之前的版本存在安全漏洞,该漏洞源于其Slack OAuth客户端信息可能会在应用程序调试日志中泄漏。
CVSS Information
N/A
Vulnerability Type
N/A