x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-96gq-6ch5-mm54 #2037

GoVulnBot · 2023-09-01T22:01:30Z

In GitHub Security Advisory GHSA-96gq-6ch5-mm54, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/usememos/memos		< 0.13.2

Cross references:

Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-rgj5-jj5q-v3v7 #1173 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-c8jh-vcjh-fx2w #1189 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-vwg4-846x-f94v #1190 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-w57v-6xp4-rm2v #1191 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qcw2-492v-57xj #1192 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-9v48-2h5x-fvpm #1205 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-68gw-r2x5-7r5r #1215 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-f552-97qx-c694 #1216 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-fv6c-rfg3-gvjw #1217 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qr52-59r6-49f4 #1218 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-33m8-f4hw-wm3q #1219 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-j593-h5v3-45x6 #1220 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-97rc-mm5j-f6rj #1225 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-c2v4-8r9g-g5xj #1226 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-v92p-phmp-xffr #1228 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-f83p-pg86-p922 #1235 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-ghx2-6v4g-9wmm #1236 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-jvq8-w7qv-hqp6 #1239 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-mfvq-m3jj-8864 #1240 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qcf5-m2c6-89f2 #1243 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qrrf-xvcf-p64q #1244 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qw36-rw5q-gxcq #1245 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-rx2m-xr4x-54hh #1248 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-642q-2q68-9j3p #1250 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6fx9-29x2-fmfj #1251 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6w5w-wx8w-2cq9 #1252 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-7qpw-2j9m-rw8c #1253 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-c5hq-35h7-r9x4 #1254 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-cwrm-33qq-4w2x #1255 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-gfj4-wg89-m22r #1256 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-gw9m-2m5v-c6x5 #1257 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-gxqf-4g4p-q3hc #1258 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-hc5q-26h8-r9wf #1259 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-m5pr-wm6q-x4g2 #1260 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-pp3p-6jjh-rmg7 #1261 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-pwhr-p68w-296x #1262 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qf9q-3wwx-8qjv #1263 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-r7hg-2cpp-8wqq #1264 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-rmhx-9h5h-3xh3 #1265 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-vh43-cc6x-prpr #1266 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6whj-8g9g-5jvx #1270 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-8w5q-5fpq-v4pm #1271 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-x9p9-v3x6-68mq #1272 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-42q2-m54f-jh95 #1285 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-5jqp-wmhj-g33f #1286 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-mfmp-8mqg-q4wm #1291 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-mq5q-gpgv-pwxw #1292 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-r3p3-5f35-h6mf #1449 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-8686-4cr3-76wj #1460 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-9h7x-9pmh-7gg8 #1461 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-fpjc-cxr6-w6h8 #1462 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-h2ph-9r76-37v5 #1465 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-pcvh-px2p-vmxw #1467 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-x22v-qgm2-7qc7 #1469 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos/server: CVE-2022-25978 #1566

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/usememos/memos
      versions:
        - introduced: TODO (earliest fixed "", vuln range "< 0.13.2")
      packages:
        - package: github.com/usememos/memos
summary: usememos/memos vulnerable to improper input validation
description: Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
cves:
    - CVE-2023-4698
ghsas:
    - GHSA-96gq-6ch5-mm54
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-4698
    - fix: https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd
    - web: https://huntr.dev/bounties/e1107d79-1d63-4238-90b7-5cc150512654
    - advisory: https://github.com/advisories/GHSA-96gq-6ch5-mm54

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-09-09T17:29:29Z

Change https://go.dev/cl/527176 mentions this issue: data/excluded: batch add 14 excluded reports

gopherbot · 2024-06-14T17:51:28Z

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

timothy-king self-assigned this Sep 8, 2023

timothy-king added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Sep 8, 2023

gopherbot closed this as completed in 74276ae Sep 11, 2023

GoVulnBot mentioned this issue Sep 18, 2023

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-2g7r-9xq5-c6hv #2065

Closed

This was referenced Aug 1, 2024

github.com/usememos/memos: CVE-2024-29029 tatianab/scratch#25

Open

github.com/usememos/memos: CVE-2024-29030 tatianab/scratch#26

Open

GoVulnBot mentioned this issue Aug 22, 2024

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-p4fx-qf2h-jpmj #3088

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-96gq-6ch5-mm54 #2037

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-96gq-6ch5-mm54 #2037

GoVulnBot commented Sep 1, 2023

gopherbot commented Sep 9, 2023

gopherbot commented Jun 14, 2024

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-96gq-6ch5-mm54 #2037

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-96gq-6ch5-mm54 #2037

Comments

GoVulnBot commented Sep 1, 2023

gopherbot commented Sep 9, 2023

gopherbot commented Jun 14, 2024