github.com/usememos/memos is vulnerable to information disclosure. An attacker is able to make a private memo into a public memo in order to view it using the memo ID via making a PATCH request to /api/memo/
and view the memo data of the victim.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/usememos/memos | le | v0.9.0 | |
github.com/usememos/memos | le | v0.9.0 |