search

golang / vulndb

[mirror] The Go Vulnerability Database
Other
560 stars 58 forks source link

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6whj-8g9g-5jvx #1270

Closed GoVulnBot closed 1 year ago

GoVulnBot commented 1 year ago

In GitHub Security Advisory GHSA-6whj-8g9g-5jvx, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/usememos/memos 0.9.1 < 0.9.1

Cross references: No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - fixed: 0.9.1
    packages:
      - package: github.com/usememos/memos
description: Improper Handling of Insufficient Permissions or Privileges in GitHub
    repository usememos/memos prior to 0.9.1.
cves:
  - CVE-2022-4863
ghsas:
  - GHSA-6whj-8g9g-5jvx
zpavlinovic commented 1 year ago

Duplicate of https://github.com/golang/vulndb/issues/1259

tatianab commented 1 year ago

Needs excluded report

gopherbot commented 1 year ago

Change https://go.dev/cl/513918 mentions this issue: data/excluded: batch add 26 excluded reports

gopherbot commented 3 months ago

Change https://go.dev/cl/592759 mentions this issue: data/reports: unexclude 75 reports

gopherbot commented 1 month ago

Change https://go.dev/cl/606781 mentions this issue: data/reports: unexclude 20 reports (1)