x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-2g7r-9xq5-c6hv

GoVulnBot commented 1 year ago

In GitHub Security Advisory GHSA-2g7r-9xq5-c6hv, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/usememos/memos	0.15.1	< 0.15.1

Cross references:

Module github.com/usememos/memos appears in issue #1173 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1189 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1190 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1191 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1192 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1205 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1215 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1216 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1217 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1218 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1219 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1220 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1225 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1226 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1228 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1235 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1236 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1239 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1240 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1243 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1244 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1245 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1248 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1250 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1251 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1252 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1253 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1254 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1255 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1256 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1257 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1258 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1259 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1260 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1261 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1262 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1263 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1264 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1265 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1266 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1270 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1271 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1272 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1285 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1286 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1291 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1292 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1449 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1460 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1461 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1462 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1465 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1467 NOT_GO_CODE
Module github.com/usememos/memos appears in issue #1469 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #2036 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #2037 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #2038 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue #1566

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/usememos/memos
      versions:
        - fixed: 0.15.1
      vulnerable_at: 0.15.0
      packages:
        - package: github.com/usememos/memos
summary: Cross-Site Request Forgery (CSRF) in usememos/memos
description: |-
    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to
    0.15.1.
cves:
    - CVE-2023-5036
ghsas:
    - GHSA-2g7r-9xq5-c6hv
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-5036
    - fix: https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536
    - web: https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d
    - advisory: https://github.com/advisories/GHSA-2g7r-9xq5-c6hv

gopherbot commented 1 year ago

Change https://go.dev/cl/529256 mentions this issue: data/excluded: batch add 3 excluded reports

gopherbot commented 5 months ago

Change https://go.dev/cl/592763 mentions this issue: data/reports: unexclude 75 reports

gopherbot commented 2 months ago

Change https://go.dev/cl/606791 mentions this issue: data/reports: unexclude 20 reports (11)

golang / vulndb

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-2g7r-9xq5-c6hv #2065