Vulnerability Description
aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.
CVSS Score
5.6
MEDIUM
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aliyun-Oss-Client Project | Aliyun-Oss-Client | < 0.8.1 |
Related Weaknesses (CWE)
References
- https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29PatchThird Party Advisory
- https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwcThird Party Advisory
- https://github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29PatchThird Party Advisory
- https://github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwcThird Party Advisory
FAQ
What is CVE-2022-39397?
CVE-2022-39397 is a vulnerability with a CVSS score of 5.6 (MEDIUM). aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.
How severe is CVE-2022-39397?
CVE-2022-39397 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-39397?
Check the references section above for vendor advisories and patch information. Affected products include: Aliyun-Oss-Client Project Aliyun-Oss-Client.