Potential API key leak
Moderate severity
GitHub Reviewed
Published
Apr 11, 2021
in
sopel-irc/sopel-weather
•
Updated Jan 9, 2023
Description
Reviewed
Apr 12, 2021
Published to the GitHub Advisory Database
Apr 13, 2021
Last updated
Jan 9, 2023
If a user is actively blackholing the location or weather APIs, or those APIs become otherwise unavailable, it is possible for the API keys to get leaked to the active IRC channel.
This is patched in v1.2.4
References