GitHub_MVULNRICHMENT:CVE-2024-35232CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.6%
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.
CNA Affected
[
{
"vendor": "huandu",
"product": "facebook",
"versions": [
{
"version": "<= 2.7.1",
"status": "affected"
}
]
}
]References
cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/http/client.go;l=629-633
cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/url/url.go;l=30
github.com/huandu/facebook/blob/1591be276561bbdb019c0279f1d33cb18a650e1b/session.go#L558-L567
github.com/huandu/facebook/commit/8b34431b91b32903c8821b1d7621bf81a029d8e4
github.com/huandu/facebook/security/advisories/GHSA-3f65-m234-9mxr
Related
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.6%