CVE-2022-39397: Leak in Aliyun KeySecret

November 21, 2022 (updated February 8, 2023)

Users of this library will be affected when using this library, the incoming secret will be disclosed unintentionally.

References

github.com/advisories/GHSA-3w3h-7xgx-grwc
github.com/tu6ge/oss-rs
github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29
github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc
nvd.nist.gov/vuln/detail/CVE-2022-39397
rustsec.org/advisories/RUSTSEC-2022-0089.html

Detect and mitigate CVE-2022-39397 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →