Google Git
Sign in
go / vulndb / bfd27ade11c20157c4432b663fdfc2a9681b4b86 / . / data / reports / GO-2024-2882.yaml
blob: 2a5a99c1389b0fb39f8c83088171cd9f59ce7570 [file] [log] [blame]
id: GO-2024-2882
modules:
- module: github.com/huandu/facebook
vulnerable_at: 1.8.1
- module: github.com/huandu/facebook/v2
versions:
- fixed: 2.7.2
vulnerable_at: 2.7.1
summary: github.com/huandu/facebook may expose access_token in error message.
cves:
- CVE-2024-35232
ghsas:
- GHSA-3f65-m234-9mxr
references:
- advisory: https://github.com/huandu/facebook/security/advisories/GHSA-3f65-m234-9mxr
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-35232
- fix: https://github.com/huandu/facebook/commit/8b34431b91b32903c8821b1d7621bf81a029d8e4
- web: https://cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/http/client.go;l=629-633
- web: https://cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/url/url.go;l=30
- web: https://github.com/huandu/facebook/blob/1591be276561bbdb019c0279f1d33cb18a650e1b/session.go#L558-L567
source:
id: GHSA-3f65-m234-9mxr
created: 2024-06-26T14:08:22.173849-04:00
review_status: UNREVIEWED