GHSA-w57v-6xp4-rm2v

Suggest an improvement
Source
https://github.com/advisories/GHSA-w57v-6xp4-rm2v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-w57v-6xp4-rm2v/GHSA-w57v-6xp4-rm2v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w57v-6xp4-rm2v
Aliases
Published
2022-12-23T12:30:25Z
Modified
2024-08-21T16:28:43.424603Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
usememos/memos vulnerable to account takeover due to improper access control
Details

usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Versions prior to 0.9.0 improperly maintain access control allowing an attacker to take over an account by changing header values in the HTTP request.

Database specific 
{
    "nvd_published_at": "2022-12-23T12:15:00Z",
    "github_reviewed_at": "2022-12-27T01:57:10Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-284"
    ]
}
References

Affected packages

Go / github.com/usememos/memos

Package

Name
github.com/usememos/memos
View open source insights on deps.dev
Purl
pkg:golang/github.com/usememos/memos

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.0