CVE-2022-1650: Exposure of Sensitive Information to an Unauthorized Actor

May 12, 2022 (updated August 2, 2023)

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2.

References

github.com/advisories/GHSA-6h5x-7c5m-7cr7
github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4
huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e
nvd.nist.gov/vuln/detail/CVE-2022-1650

Detect and mitigate CVE-2022-1650 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →