Lucene search
GitHub Advisory DatabaseGHSA-6FCF-G3MP-XJ2XHistoryAug 05, 2024 - 9:29 p.m.
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
2024-08-0521:29:24
CWE-918
GitHub Advisory Database
github.com
2
memos
ssrf
vulnerability
fixed
software
server-side request forgery
/o/get/httpmeta
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
AI Score
6.6
Confidence
High
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
Affected configurations
Node
usememosmemosRange<0.16.1
Related
vulnrichment
vulnrichment
CVE-2024-29028 memos vulnerable to an SSRF in /o/get/httpmeta
2024-04-19 15:14:02
cvelist
cvelist
CVE-2024-29028 memos vulnerable to an SSRF in /o/get/httpmeta
2024-04-19 15:14:02
osv
osv
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos
2024-08-06 22:40:50
CVE-2024-29028
2024-04-19 15:15:50
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
2024-08-05 21:29:24
cve
cve
CVE-2024-29028
2024-04-19 15:15:50
veracode
veracode
Server Side Request Forgery
2024-04-22 07:18:31
nvd
nvd
CVE-2024-29028
2024-04-19 15:15:50
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
AI Score
6.6
Confidence
High
Related for GHSA-6FCF-G3MP-XJ2X