GMS-2021-13: Potential API key leak

April 13, 2021

If a user is actively blackholing the location or weather APIs, or those APIs become otherwise unavailable, it is possible for the API keys to get leaked to the active IRC channel.

This is patched in v1.2.4

References

github.com/advisories/GHSA-63rq-p8fp-524q
github.com/sopel-irc/sopel-weather/security/advisories/GHSA-63rq-p8fp-524q

Code Behaviors & Features

Detect and mitigate GMS-2021-13 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →