github.com/usememos/memos is vulnerable to cross site request forgery. The vulnerability exists in the NewServer
function in server.go
, because an attacker is able to force an authenticated user to submit a request to a web application against which they are currently authenticated.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/usememos/memos | le | v0.9.0 | |
github.com/usememos/memos | le | v0.9.0 |