Vulnerability details: VCID-65c5-st4q-dff3
Vulnerability ID VCID-65c5-st4q-dff3
Aliases CVE-2022-1650
GHSA-6h5x-7c5m-7cr7
Summary Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Weaknesses (5)
System Score Found at
cvssv3 9.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1650.json
epss 0.01141 https://api.first.org/data/v1/epss?cve=CVE-2022-1650
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-6h5x-7c5m-7cr7
cvssv3.1 9.3 https://github.com/eventsource/eventsource
generic_textual CRITICAL https://github.com/eventsource/eventsource
cvssv3.1 9.3 https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4
generic_textual CRITICAL https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4
cvssv3.1 9.3 https://github.com/EventSource/eventsource/commit/f9f6416567bff62c1af2f4314be51d9870e94bc2
generic_textual CRITICAL https://github.com/EventSource/eventsource/commit/f9f6416567bff62c1af2f4314be51d9870e94bc2
cvssv3.1 9.3 https://github.com/EventSource/eventsource/pull/273#issuecomment-1127624508
generic_textual CRITICAL https://github.com/EventSource/eventsource/pull/273#issuecomment-1127624508
cvssv3.1 9.3 https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e
generic_textual CRITICAL https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e
cvssv3.1 9.3 https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html
generic_textual CRITICAL https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html
cvssv3.1 9.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1650
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2022-1650
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1650.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/eventsource/eventsource
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/EventSource/eventsource/commit/f9f6416567bff62c1af2f4314be51d9870e94bc2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://github.com/EventSource/eventsource/pull/273#issuecomment-1127624508
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2022/12/msg00021.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1650
Exploit Prediction Scoring System (EPSS)
Percentile 0.78365
EPSS Score 0.01141
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:04.504375+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/eventsource/CVE-2022-1650.yml 38.0.0