The vulnerability stems from the auto-generated `Debug` implementation for `SigningParams` (via `#[derive(Debug)]`), which exposes credentials when the struct is formatted. The `fmt` function of that `Debug` trait implementation is directly responsible for including the sensitive fields in debug output. This matches the CWE-532 pattern of sensitive data being inserted into logs. The patched versions likely removed the `Debug` derive or implemented it manually to redact sensitive fields.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| aws-sigv4 | rust | = 0.55.0 | 0.55.1 |
| aws-sigv4 | rust | = 0.54.1 | 0.54.2 |
| aws-sigv4 | rust | = 0.53.1 | 0.53.2 |
| aws-sigv4 | rust | = 0.52.0 | 0.52.1 |
| aws-sigv4 | rust | = 0.51.0 | 0.51.1 |
| aws-sigv4 | rust | = 0.49.0 | 0.49.1 |
| aws-sigv4 | rust | = 0.48.0 | 0.48.1 |
| aws-sigv4 | rust | = 0.47.0 | 0.47.1 |
| aws-sigv4 | rust | = 0.46.0 | 0.46.1 |
| aws-sigv4 | rust | = 0.15.0 | 0.15.1 |
| aws-sigv4 | rust | = 0.14.0 | 0.14.1 |
| aws-sigv4 | rust | = 0.13.0 | 0.13.1 |
| aws-sigv4 | rust | = 0.12.0 | 0.12.1 |
| aws-sigv4 | rust | = 0.11.0 | 0.11.1 |
| aws-sigv4 | rust | = 0.10.1 | 0.10.2 |
| aws-sigv4 | rust | = 0.9.0 | 0.9.1 |
| aws-sigv4 | rust | = 0.8.0 | 0.8.1 |
| aws-sigv4 | rust | = 0.7.0 | 0.7.1 |
| aws-sigv4 | rust | = 0.6.0 | 0.6.1 |
| aws-sigv4 | rust | = 0.5.2 | 0.5.3 |
| aws-sigv4 | rust | = 0.4.1 | 0.4.2 |
| aws-sigv4 | rust | = 0.3.0 | 0.3.1 |
| aws-sigv4 | rust | = 0.2.0 | 0.2.1 |
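
The `Debug` leak described above, and the manual-implementation remedy, shown as an added example; this is not the aws-sigv4 source or its patch. The struct names, field names and sample values are assumptions constructed for illustration.

```rust
use std::fmt;

// Constructed sample values, not real credentials.
pub const SAMPLE_KEY_ID: &str = "AKIDEXAMPLE";
pub const SAMPLE_SECRET: &str = "constructed-secret-key-for-demo";
pub const SAMPLE_TOKEN: &str = "constructed-session-token";
const MASK: &str = "** redacted **";

// Hypothetical stand-in for a signing-parameters struct.
// The derived Debug impl prints every field verbatim.
#[allow(dead_code)]
#[derive(Debug)]
pub struct LeakyParams<'a> {
    pub access_key: &'a str,
    pub secret_key: &'a str,
    pub security_token: Option<&'a str>,
    pub region: &'a str,
}

// Same fields, but Debug is written by hand (see the impl below).
#[allow(dead_code)]
pub struct RedactedParams<'a> {
    pub access_key: &'a str,
    pub secret_key: &'a str,
    pub security_token: Option<&'a str>,
    pub region: &'a str,
}

// Manual Debug: mask credential fields, keep the non-secret region visible.
// The token keeps its Some/None shape so logs still show whether one was set.
impl fmt::Debug for RedactedParams<'_> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("RedactedParams")
            .field("access_key", &MASK)
            .field("secret_key", &MASK)
            .field("security_token", &self.security_token.map(|_| MASK))
            .field("region", &self.region)
            .finish()
    }
}

// What a `{:?}` in a log or trace statement would emit for each variant.
pub fn leaky_debug() -> String {
    format!("{:?}", LeakyParams { access_key: SAMPLE_KEY_ID, secret_key: SAMPLE_SECRET,
        security_token: Some(SAMPLE_TOKEN), region: "us-east-1" })
}

pub fn redacted_debug() -> String {
    format!("{:?}", RedactedParams { access_key: SAMPLE_KEY_ID, secret_key: SAMPLE_SECRET,
        security_token: Some(SAMPLE_TOKEN), region: "us-east-1" })
}
```

A unit test that formats the struct with `{:?}` and asserts the secret is absent, as in the redacted variant here, guards against a later refactor re-adding the derive.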