Описание
usememos/memos may leak user information to an authenticated user
usememos/memos 0.9.0 and prior has endpoint that leaks user information like names, email, role, and OpenID to an authenticated user. A patch is available at commit 05b41804e33a34102f1f75bb2d69195dda6a1210 on the main branch.
Пакеты
Наименование
github.com/usememos/memos
go
Затронутые версииВерсия исправления
<= 0.9.0
0.9.1
Связанные уязвимости
CVSS3: 8.1
nvd
около 3 лет назад
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.