Lucene search
K

4 matches found

OSV
OSV
added 2024/08/22 5:18 p.m.99 views

GHSA-P4FX-QF2H-JPMJ memos CORS Misconfiguration in server.go (GHSL-2024-034)

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.6CVSS7.7AI score0.00607EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/08/22 5:18 p.m.18 views

memos CORS Misconfiguration in server.go (GHSL-2024-034)

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.1CVSS6.5AI score0.00607EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/08/20 7:54 p.m.75 views

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.1CVSS0.00607EPSS
Exploits1References3
OSV
OSV
added 2024/08/20 7:54 p.m.29 views

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.1CVSS6.3AI score0.00607EPSS
Exploits1References5
Rows per page
Query Builder