Описание
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
Пакеты
Наименование
github.com/usememos/memos
go
Затронутые версииВерсия исправления
< 0.16.1
0.16.1
Связанные уязвимости
CVSS3: 5.8
nvd
почти 2 года назад
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.