memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
References
Configurations
No configuration.
History
21 Nov 2024, 09:07
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9 - | |
References | () https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos - |
19 Apr 2024, 16:19
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1. | |
References |
|
|
19 Apr 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-19 15:15
Updated : 2024-11-21 09:07
NVD link : CVE-2024-29028
Mitre link : CVE-2024-29028
CVE.ORG link : CVE-2024-29028
JSON object : View
Products Affected
No product.
CWE
CWE-918
Server-Side Request Forgery (SSRF)