CVE-2023-38487
CVE-2023-38487 – HedgeDoc : Prior to 1.9.9, the HedgeDoc API allows creating a note with an alias equal to an existing note ID via POST /new/ when freeURL is enabled. The system does not verify the alias against existing IDs, so a new note can shadow the original; access may be redirected to the ...