OSV:CVE-2024-35232
May 24, 2024 - 9:15 p.m.

CVE-2024-35232

2024-05-24 21:15:59
Google
osv.dev
31
cve-2024-35232
github
http request
file upload
batch request
marketing api
access token
security patch
software vulnerability

CVSS3: 3.7

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.5
Confidence: High

EPSS: 0
Percentile: 15.5%

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. The access_token can be exposed in the error message when an HTTP request fails. This issue has been patched in version 2.7.2.
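
The failure mode described above, as an added example that is not code from github.com/huandu/facebook or its 2.7.2 patch: Go's net/http client reports a failed request as a *url.Error whose message embeds the request URL, so a token carried as an access_token query parameter lands in the error text unless the caller scrubs it before logging. RedactToken, constructedLeak, the host graph.example.invalid and the token travelling in the query string are assumptions made for this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// tokenParam matches an access_token query parameter inside free-form text.
var tokenParam = regexp.MustCompile(`(access_token=)[^&\s"]+`)

// errRefused and constructedLeak build sample input (constructed, not real).
var errRefused = errors.New("dial tcp: connection refused")
func constructedLeak() error {
	return &url.Error{Op: "Get", Err: errRefused,
		URL: "https://graph.example.invalid/me?fields=id&access_token=SECRET123"}
}

// redactURL replaces the access_token value; textual scrub if parsing fails.
func redactURL(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return tokenParam.ReplaceAllString(raw, "${1}REDACTED")
	}
	if q := u.Query(); q.Has("access_token") {
		q.Set("access_token", "REDACTED")
		u.RawQuery = q.Encode() // Encode sorts keys, so parameter order may change
	}
	return u.String()
}

// RedactToken returns an error that is safe to log or return to a caller.
func RedactToken(err error) error {
	if err == nil {
		return nil
	}
	if ue, ok := err.(*url.Error); ok {
		// Keep Op and the underlying cause so errors.Is/As still work.
		return &url.Error{Op: ue.Op, URL: redactURL(ue.URL), Err: ue.Err}
	}
	// Wrapped/foreign errors: scrub text and drop the chain (Unwrap would leak).
	return errors.New(tokenParam.ReplaceAllString(err.Error(), "${1}REDACTED"))
}

func main() {
	fmt.Println("before:", constructedLeak())
	fmt.Println("after: ", RedactToken(constructedLeak()))
}
```

Apply the scrub at the boundary where errors leave the HTTP layer, before any logger, metrics label or API response sees them.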
