GSA_kwCzR0hTQS00MnEyLW01NGYtamg5Nc4AAwp8

Moderate EPSS: 0.00082% (0.25018 Percentile) EPSS:

Permalink JSON

sememos/memos vulnerable to Improper Handling of Values

Affected Packages	Affected Versions	Fixed Versions
go:github.com/usememos/memos	<= 0.9.0	0.9.1
0 Dependent packages 0 Dependent repositories Affected Version Ranges All affected versions 0.0.1, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.9.0 All unaffected versions 0.9.1, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2, 0.13.0, 0.13.1, 0.13.2, 0.14.0, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.15.0, 0.15.1, 0.15.2, 0.16.0, 0.16.1, 0.17.0, 0.17.1, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.19.1, 0.20.0, 0.20.1, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.22.3, 0.22.4, 0.22.5, 0.23.0, 0.23.1, 0.24.0, 0.24.1, 0.24.2, 0.24.3, 0.24.4, 0.25.0

In usememos/memos 0.9.0 and prior, an attacker can post malicious content to another user's memos page via POST request.

References:

Identifiers

GHSA-42q2-m54f-jh95

CVE-2022-4851

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00082

EPSS Percentile: 0.25018

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/usememos/memos

Date and time

Published

over 2 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories