CVE-2024-35232: github.com/huandu/facebook may expose access_token in error message.
access_token can be exposed in error message on fail in HTTP request.
References
- cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/http/client.go;l=629-633
- cs.opensource.google/go/go/+/refs/tags/go1.22.3:src/net/url/url.go;l=30
- github.com/advisories/GHSA-3f65-m234-9mxr
- github.com/huandu/facebook
- github.com/huandu/facebook/blob/1591be276561bbdb019c0279f1d33cb18a650e1b/session.go
- github.com/huandu/facebook/commit/8b34431b91b32903c8821b1d7621bf81a029d8e4
- github.com/huandu/facebook/security/advisories/GHSA-3f65-m234-9mxr
- nvd.nist.gov/vuln/detail/CVE-2024-35232
Code Behaviors & Features
Detect and mitigate CVE-2024-35232 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →