Lucene search
GitHub Advisory DatabaseGHSA-MFVQ-M3JJ-8864HistoryDec 28, 2022 - 3:30 p.m.
usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
2022-12-2815:30:45
CWE-940
GitHub Advisory Database
github.com
7
usememos
memos
software
improper verification
communication channel
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
30.7%
usememos/memos 0.9.0 and prior is vulnerable to Improper Verification of Source of a Communication Channel.
Affected configurations
Node
usememosmemosRange≤0.9.0
Related
osv
osv
CVE-2022-4800
2022-12-28 14:15:10
cvelist
cvelist
prion
prion
Input validation
2022-12-28 14:15:00
huntr
huntr
CSRF allows attacker to add malicious tags to vitim account
2022-12-23 16:51:16
nvd
nvd
CVE-2022-4800
2022-12-28 14:15:10
cve
cve
CVE-2022-4800
2022-12-28 14:15:10
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-01-02 09:27:41
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
30.7%
Related for GHSA-MFVQ-M3JJ-8864