CVE-2022-39397

Опубликовано: 22 нояб. 2022

Источник: nvd

CVSS3: 5.6

CVSS3: 4.3

EPSS Низкий

Описание

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.

Ссылки

https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29
Patch
Third Party Advisory
https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc
Third Party Advisory
https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29
Patch
Third Party Advisory
https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aliyun-oss-client_project:aliyun-oss-client:*:*:*:*:*:*:*:*

Версия до 0.8.1 (исключая)

EPSS

Процентиль: 54%

0.00314

Низкий

5.6 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-Other

Связанные уязвимости

GHSA-3w3h-7xgx-grwc

CVSS3: 5.6

github

около 3 лет назад

Leak in Aliyun KeySecret

EPSS

Процентиль: 54%

0.00314

Низкий

5.6 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-Other