CVE-2022-1650 — Improper Removal of Sensitive Information Before Storage or Transfer in Eventsource

CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer CWE-200 — Sensitive Information Exposure CWE-359 — Exposure of Private Personal Information to an Unauthorized Actor7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

1.1%

top 21.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eventsource Eventsource Eventsource Debian Node-eventsource +1 more

Timeline

PublishedMay 12

Latest updateMay 17

Description

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.8

Affected Packages4 packages

▶NVDeventsource/eventsource2.0.0 — 2.0.2+1

▶debiandebian/node-eventsource< node-eventsource 2.0.2+~1.1.8-1 (bookworm)

▶npmeventsource/eventsource2.0.0 — 2.0.2+1

▶CVEListV5eventsource/eventsource_eventsourcev2.0.0 — unspecified+2

Also affects: Debian Linux 10.0

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Exposure of Sensitive Information in eventsource↗2022-05-13

▶

OSV

Exposure of Sensitive Information in eventsource↗2022-05-13

▶

OSV

CVE-2022-1650: Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2↗2022-05-12

▶

📋Vendor Advisories

Ubuntu

EventSource vulnerability↗2023-05-17

▶

Red Hat

eventsource: Exposure of Sensitive Information↗2022-05-12

▶

Debian

CVE-2022-1650: node-eventsource - Improper Removal of Sensitive Information Before Storage or Transfer in GitHub r...↗2022

▶