x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-5j6p-59cj-j6cp

GoVulnBot commented 1 year ago

In GitHub Security Advisory GHSA-5j6p-59cj-j6cp, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/usememos/memos	0.13.2	< 0.13.2

Cross references:

Module github.com/usememos/memos appears in issue #1173 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1189 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1190 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1191 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1192 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1205 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1215 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1216 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1217 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1218 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1219 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1220 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1225 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1226 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1228 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1235 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1236 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1239 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1240 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1243 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1244 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1245 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1248 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1250 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1251 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1252 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1253 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1254 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1255 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1256 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1257 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1258 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1259 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1260 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1261 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1262 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1263 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1264 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1265 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1266 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1270 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1271 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1272 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1285 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1286 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1291 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1292 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1449 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1460 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1461 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1462 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1465 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1467 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1469 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1566

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/usememos/memos
      versions:
        - fixed: 0.13.2
      vulnerable_at: 0.13.1
      packages:
        - package: github.com/usememos/memos
summary: usememos/memos vulnerable to privilege escalation
description: |-
    Improper Privilege Management in GitHub repository usememos/memos prior to
    0.13.2.
cves:
    - CVE-2023-4697
ghsas:
    - GHSA-5j6p-59cj-j6cp
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-4697
    - fix: https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd
    - web: https://huntr.dev/bounties/3ff3325a-1dcb-4da7-894d-81a9cf726d81
    - advisory: https://github.com/advisories/GHSA-5j6p-59cj-j6cp

gopherbot commented 1 year ago

Change https://go.dev/cl/527176 mentions this issue: data/excluded: batch add 14 excluded reports

gopherbot commented 5 months ago

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

gopherbot commented 2 months ago

Change https://go.dev/cl/606790 mentions this issue: data/reports: unexclude 20 reports (10)

golang / vulndb

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-5j6p-59cj-j6cp #2036