memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-04-19T15:14:09.993Z
Updated: 2024-06-04T17:58:18.206Z
Reserved: 2024-03-14T16:59:47.612Z
Link: CVE-2024-29029
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-19T16:15:09.853
Modified: 2024-04-19T16:19:49.043
Link: CVE-2024-29029
JSON object: View
Redhat Information
No data.