Vulnerabilites related to eventsource - eventsource/eventsource
cve-2022-1650
Vulnerability from cvelistv5
Published
2022-05-12 00:00
Modified
2024-08-03 00:10
Severity ?
EPSS score ?
Summary
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| eventsource | eventsource/eventsource |
Version: v2.0.0 < unspecified Version: unspecified < v2.0.2 Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:10:03.747Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", }, { tags: [ "x_transferred", ], url: "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4", }, { name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3235-1] node-eventsource security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "eventsource/eventsource", vendor: "eventsource", versions: [ { lessThan: "unspecified", status: "affected", version: "v2.0.0", versionType: "custom", }, { lessThan: "v2.0.2", status: "affected", version: "unspecified", versionType: "custom", }, { lessThanOrEqual: "v1.1.0", status: "affected", version: "unspecified", versionType: "custom", }, { status: "unaffected", version: "v1.1.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.</p>", }, ], value: "Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-212", description: "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-02T08:39:40.475Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { url: "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", }, { url: "https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4", }, { name: "[debian-lts-announce] 20221211 [SECURITY] [DLA 3235-1] node-eventsource security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html", }, ], source: { advisory: "dc9e467f-be5d-4945-867d-1044d27e9b8e", discovery: "EXTERNAL", }, title: "Improper Removal of Sensitive Information Before Storage or Transfer in eventsource/eventsource", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-1650", datePublished: "2022-05-12T00:00:00", dateReserved: "2022-05-10T00:00:00", dateUpdated: "2024-08-03T00:10:03.747Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }