x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-96gq-6ch5-mm54

GoVulnBot commented 1 year ago

In GitHub Security Advisory GHSA-96gq-6ch5-mm54, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/usememos/memos		< 0.13.2

Cross references:

Module github.com/usememos/memos appears in issue #1173 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1189 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1190 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1191 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1192 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1205 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1215 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1216 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1217 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1218 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1219 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1220 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1225 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1226 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1228 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1235 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1236 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1239 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1240 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1243 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1244 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1245 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1248 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1250 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1251 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1252 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1253 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1254 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1255 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1256 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1257 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1258 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1259 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1260 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1261 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1262 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1263 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1264 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1265 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1266 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1270 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1271 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1272 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1285 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1286 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1291 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1292 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1449 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1460 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1461 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1462 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1465 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1467 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1469 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1566

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/usememos/memos
      versions:
        - introduced: TODO (earliest fixed "", vuln range "< 0.13.2")
      packages:
        - package: github.com/usememos/memos
summary: usememos/memos vulnerable to improper input validation
description: Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
cves:
    - CVE-2023-4698
ghsas:
    - GHSA-96gq-6ch5-mm54
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-4698
    - fix: https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd
    - web: https://huntr.dev/bounties/e1107d79-1d63-4238-90b7-5cc150512654
    - advisory: https://github.com/advisories/GHSA-96gq-6ch5-mm54

gopherbot commented 1 year ago

Change https://go.dev/cl/527176 mentions this issue: data/excluded: batch add 14 excluded reports

gopherbot commented 3 months ago

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

golang / vulndb

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-96gq-6ch5-mm54 #2037