Slack Security Vulnerabilities


CVE-2022-31162

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...

CVSS 7.5 | AI Score 7.2 | EPSS 0.001

2022-07-22 04:15 AM

CVE-2021-43838

jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1, users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into a <blockquote> tag, an internal regular expression for...

CVSS 7.5 | AI Score 7.3 | EPSS 0.001

2021-12-17 07:15 PM

CVE-2022-39292

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slack....

CVSS 7.5 | AI Score 7.3 | EPSS 0.001

2022-10-10 03:15 PM

CVE-2021-43843

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements...

CVSS 7.5 | AI Score 7.3 | EPSS 0.002

2021-12-20 10:15 PM

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level...

CVSS 8.8 | AI Score 8.9 | EPSS 0.002

2020-04-02 11:15 PM

CVE-2019-14367

Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members,...

CVSS 7.5 | AI Score 7.3 | EPSS 0.001

2019-11-12 09:15 PM

CVE-2019-14366

WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack (channels, members,...

CVSS 7.5 | AI Score 7.4 | EPSS 0.002

2019-11-12 09:15 PM

CVE-2018-17232

SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to...

CVSS 9.8 | AI Score 9.9 | EPSS 0.001

2018-09-20 06:29 AM