CVE-2024-35232
CVSS V2 None
CVSS V3 None
Description
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.
Overview
- CVE ID
- CVE-2024-35232
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-24T20:44:09.233Z
- Last Modified Date
- 2024-06-05T19:00:46.713Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/huandu/facebook/security/advisories/GHSA-3f65-m234-9mxr | x_refsource_CONFIRM |
| https://github.com/huandu/facebook/commit/8b34431b91b32903c8821b1d7621bf81a029d8e4 | x_refsource_MISC |
| https://cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/http/client.go;l=629-633 | x_refsource_MISC |
| https://cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/url/url.go;l=30 | x_refsource_MISC |
| https://github.com/huandu/facebook/blob/1591be276561bbdb019c0279f1d33cb18a650e1b/session.go#L558-L567 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-35232 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35232 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 13:55:34 | Added to TrackCVE |