Lucene search
Veracode Vulnerability DatabaseVERACODE:38687HistoryDec 30, 2022 - 7:20 a.m.
Cross-site Request Forgery (CSRF)
2022-12-3007:20:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
cross-site request forgery
vulnerability
newserver function
authenticated user
unauthorized requests
web application
0.001 Low
EPSS
Percentile
29.6%
github.com/usememos/memos is vulnerable to cross site request forgery. The vulnerability exists in the NewServer function in server.go, because an attacker is able to force an authenticated user to submit a request to a web application against which they are currently authenticated.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/usememos/memos | le | v0.9.0 | |
| github.com/usememos/memos | le | v0.9.0 |
Related
cve
cve
CVE-2022-4849
2022-12-29 18:15:10
nvd
nvd
CVE-2022-4849
2022-12-29 18:15:10
huntr
huntr
CSRF allows attacker to post on behalf of victim
2022-12-23 16:43:14
github
github
usememos/memos Cross-Site Request Forgery vulnerability
2022-12-29 18:30:24
prion
prion
Cross site request forgery (csrf)
2022-12-29 18:15:00
osv
osv
usememos/memos Cross-Site Request Forgery vulnerability
2022-12-29 18:30:24
CVE-2022-4849
2022-12-29 18:15:10
cnvd
cnvd
memos cross-site request forgery vulnerability (CNVD-2023-04537)
2023-01-03 00:00:00
cvelist
cvelist
CVE-2022-4849 Cross-Site Request Forgery (CSRF) in usememos/memos
2022-12-29 00:00:00