VYPR

crates.io package

object_store

pkg:cargo/object_store

Vulnerabilities (1)

  • CVE-2024-41178Jul 23, 2024
    affected >= 0.5.0, < 0.10.2fixed 0.10.2

    Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens.  On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity htt