5 matches found
GO-2026-5557 Note Mark: OIDC-registered users authenticated by submitting password "null" in github.com/enchant97/note-mark/backend
Note Mark: OIDC-registered users authenticated by submitting password "null" in github.com/enchant97/note-mark/backend...
GO-2026-5530 Note Mark has Broken Access Control on Asset Download in github.com/enchant97/note-mark/backend
Note Mark has Broken Access Control on Asset Download in github.com/enchant97/note-mark/backend...
GO-2026-5389 Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution in github.com/enchant97/note-mark/backend
Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution in github.com/enchant97/note-mark/backend...
GO-2026-5085 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books in github.com/enchant97/note-mark/backend
Note Mark: Unauthenticated read of notes and assets in soft-deleted public books in github.com/enchant97/note-mark/backend...
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to insufficient enforcement of length and entropy requirements for the JWTSECRET configuration value. An attacker can gain unauthorized access to user accounts by forging authentication tokens using we...