CVE-2022-1650 – Improper Removal of Sensitive Information Before Storage or Transfer in eventsource/eventsource

https://notcve.org/view.php?id=CVE-2022-1650

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. Una Exposición de Información Confidencial a un Actor no Autorizado en el repositorio GitHub eventsource/eventsource versiones anteriores a v2.0.2 A flaw was found in the EventSource NPM Package. The description from the source states the following message: "Exposure of Sensitive Information to an Unauthorized Actor." This flaw allows an attacker to steal the user's credentials and then use the credentials to access the legitimate website. • https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4 https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html https://access.redhat.com/security/cve/CVE-2022-1650 https://bugzilla.redhat.com/show_bug.cgi?id=2085307 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •