CVE-2024-29028

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
Configurations

No configuration.

History

19 Apr 2024, 16:19

Type Values Removed Values Added
Summary (en) memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. (en) memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
References
  • {'url': 'https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/', 'source': 'security-advisories@github.com'}
  • () https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9 -
  • () https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos -

19 Apr 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-19 15:15

Updated : 2024-04-19 16:19


NVD link : CVE-2024-29028

Mitre link : CVE-2024-29028

CVE.ORG link : CVE-2024-29028


JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)