CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence: Low
EPSS
Percentile: 15.5%
github.com/huandu/facebook is vulnerable to Information Disclosure. The access_token is exposed in the error messages generated when HTTP requests fail, which could allow an attacker with log access to obtain sensitive access tokens.
cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/http/client.go;l=629-633
cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/url/url.go;l=30
github.com/huandu/facebook/blob/1591be276561bbdb019c0279f1d33cb18a650e1b/session.go#L558-L567
github.com/huandu/facebook/commit/8b34431b91b32903c8821b1d7621bf81a029d8e4
github.com/huandu/facebook/security/advisories/GHSA-3f65-m234-9mxr
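The exposure described above, and one way to mask it before an error reaches a log, as an added example (not the project's patch or code from the advisory). A failed net/http request returns a *url.Error whose message includes the full request URL; the host, the token value and the helper names redactURL and sanitizeError are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Query keys to mask; access_token is the parameter named in the advisory.
var sensitiveParams = []string{"access_token"}

// redactURL (hypothetical helper) masks sensitive query values in a raw URL.
func redactURL(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return "[unparseable URL removed]" // fail closed: never echo the raw string
	}
	q := u.Query()
	for _, k := range sensitiveParams {
		if q.Has(k) {
			q.Set(k, "REDACTED")
		}
	}
	u.RawQuery = q.Encode() // Encode sorts keys alphabetically
	return u.String()
}

// sanitizeError (hypothetical helper) returns a *url.Error with a redacted URL.
// Any wrapper around the original error is dropped, because its message text
// would already embed the unredacted URL.
func sanitizeError(err error) error {
	var ue *url.Error
	if !errors.As(err, &ue) {
		return err
	}
	return &url.Error{Op: ue.Op, URL: redactURL(ue.URL), Err: ue.Err}
}

func main() {
	// Constructed error in the shape net/http returns for a failed request.
	err := &url.Error{
		Op:  "Get",
		URL: "https://graph.example.invalid/me?access_token=CONSTRUCTED_TOKEN&fields=id",
		Err: errors.New("dial tcp: connection refused"),
	}
	fmt.Println("before:", err)
	fmt.Println("after: ", sanitizeError(err))
}
```

Tokens already written to logs by an affected version remain readable there, so log retention and token rotation need separate attention.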