CVE-2024-35232

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
GitHub_MCNA
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Common Weakness Enumeration
References
https://cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/http/client.go;l=629-633
https://cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/url/url.go;l=30
https://github.com/huandu/facebook/blob/1591be276561bbdb019c0279f1d33cb18a650e1b/session.go#L558-L567
https://github.com/huandu/facebook/commit/8b34431b91b32903c8821b1d7621bf81a029d8e4
https://github.com/huandu/facebook/security/advisories/GHSA-3f65-m234-9mxr
https://cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/http/client.go;l=629-633
https://cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/url/url.go;l=30
https://github.com/huandu/facebook/blob/1591be276561bbdb019c0279f1d33cb18a650e1b/session.go#L558-L567
https://github.com/huandu/facebook/commit/8b34431b91b32903c8821b1d7621bf81a029d8e4
https://github.com/huandu/facebook/security/advisories/GHSA-3f65-m234-9mxr