
Telegram bot token exposure

High
soruly published GHSA-8rg8-9337-9v8f Sep 28, 2020

Package

npm trace.moe-telegram-bot (npm)

Affected versions

2.1.1

Patched versions

2.1.2

Description

Impact

trace.moe-telegram-bot may expose the Telegram Bot API token of any user hosting their own instance of the bot. When the trace.moe API fails to fetch an image URL, the error message returned to the chat may contain the Telegram bot's API token.

Patches

The issue was patched in commit 65a0b74.
We recommend updating to version 2.1.2 and then resetting your Telegram Bot API token immediately.

Workarounds

Downgrade to a version before commit cf5779f, which doesn't support URL search, and then reset your Telegram Bot API token.

References


For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs