memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/usememos/memos(Go) | 0 | 0.16.1 | N/A |
CVSS Metrics
