Closed GoVulnBot closed 1 year ago
In GitHub Security Advisory GHSA-96gq-6ch5-mm54, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
modules: - module: github.com/usememos/memos versions: - introduced: TODO (earliest fixed "", vuln range "< 0.13.2") packages: - package: github.com/usememos/memos summary: usememos/memos vulnerable to improper input validation description: Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. cves: - CVE-2023-4698 ghsas: - GHSA-96gq-6ch5-mm54 references: - web: https://nvd.nist.gov/vuln/detail/CVE-2023-4698 - fix: https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd - web: https://huntr.dev/bounties/e1107d79-1d63-4238-90b7-5cc150512654 - advisory: https://github.com/advisories/GHSA-96gq-6ch5-mm54
Change https://go.dev/cl/527176 mentions this issue: data/excluded: batch add 14 excluded reports
data/excluded: batch add 14 excluded reports
Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports
data/reports: unexclude 75 reports
In GitHub Security Advisory GHSA-96gq-6ch5-mm54, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.