CVE-2022-4851

Description

In usememos/memos 0.9.0 and prior, an attacker can post malicious content to another user's memos page via POST request.

Affected packages (2)

• Go/github.com/usememos/memosfrom 0, < 0.9.1
• Go/github.com/usememos/memosfrom 0, < 0.9.1

CVSS scores

References (5)

• ADVISORYhttps://github.com/advisories/GHSA-42q2-m54f-jh95
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-4851
• PATCHhttps://github.com/usememos/memos
• WEBhttps://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53
• WEBhttps://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f