First published: Fri Apr 19 2024(Updated: )
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
Credit: security-advisories@github.com
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.