x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-2g7r-9xq5-c6hv #2065

GoVulnBot · 2023-09-18T20:01:18Z

In GitHub Security Advisory GHSA-2g7r-9xq5-c6hv, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/usememos/memos	0.15.1	< 0.15.1

Cross references:

Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-rgj5-jj5q-v3v7 #1173 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-c8jh-vcjh-fx2w #1189 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-vwg4-846x-f94v #1190 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-w57v-6xp4-rm2v #1191 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qcw2-492v-57xj #1192 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-9v48-2h5x-fvpm #1205 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-68gw-r2x5-7r5r #1215 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-f552-97qx-c694 #1216 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-fv6c-rfg3-gvjw #1217 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qr52-59r6-49f4 #1218 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-33m8-f4hw-wm3q #1219 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-j593-h5v3-45x6 #1220 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-97rc-mm5j-f6rj #1225 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-c2v4-8r9g-g5xj #1226 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-v92p-phmp-xffr #1228 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-f83p-pg86-p922 #1235 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-ghx2-6v4g-9wmm #1236 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-jvq8-w7qv-hqp6 #1239 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-mfvq-m3jj-8864 #1240 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qcf5-m2c6-89f2 #1243 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qrrf-xvcf-p64q #1244 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qw36-rw5q-gxcq #1245 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-rx2m-xr4x-54hh #1248 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-642q-2q68-9j3p #1250 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6fx9-29x2-fmfj #1251 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6w5w-wx8w-2cq9 #1252 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-7qpw-2j9m-rw8c #1253 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-c5hq-35h7-r9x4 #1254 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-cwrm-33qq-4w2x #1255 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-gfj4-wg89-m22r #1256 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-gw9m-2m5v-c6x5 #1257 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-gxqf-4g4p-q3hc #1258 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-hc5q-26h8-r9wf #1259 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-m5pr-wm6q-x4g2 #1260 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-pp3p-6jjh-rmg7 #1261 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-pwhr-p68w-296x #1262 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qf9q-3wwx-8qjv #1263 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-r7hg-2cpp-8wqq #1264 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-rmhx-9h5h-3xh3 #1265 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-vh43-cc6x-prpr #1266 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6whj-8g9g-5jvx #1270 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-8w5q-5fpq-v4pm #1271 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-x9p9-v3x6-68mq #1272 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-42q2-m54f-jh95 #1285 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-5jqp-wmhj-g33f #1286 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-mfmp-8mqg-q4wm #1291 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-mq5q-gpgv-pwxw #1292 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-r3p3-5f35-h6mf #1449 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-8686-4cr3-76wj #1460 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-9h7x-9pmh-7gg8 #1461 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-fpjc-cxr6-w6h8 #1462 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-h2ph-9r76-37v5 #1465 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-pcvh-px2p-vmxw #1467 NOT_GO_CODE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-x22v-qgm2-7qc7 #1469 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-5j6p-59cj-j6cp #2036 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-96gq-6ch5-mm54 #2037 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-j2gj-g3p9-7mrr #2038 EFFECTIVELY_PRIVATE
Module github.com/usememos/memos appears in issue x/vulndb: potential Go vuln in github.com/usememos/memos/server: CVE-2022-25978 #1566

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/usememos/memos
      versions:
        - fixed: 0.15.1
      vulnerable_at: 0.15.0
      packages:
        - package: github.com/usememos/memos
summary: Cross-Site Request Forgery (CSRF) in usememos/memos
description: |-
    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to
    0.15.1.
cves:
    - CVE-2023-5036
ghsas:
    - GHSA-2g7r-9xq5-c6hv
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-5036
    - fix: https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536
    - web: https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d
    - advisory: https://github.com/advisories/GHSA-2g7r-9xq5-c6hv

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-09-18T23:44:49Z

Change https://go.dev/cl/529256 mentions this issue: data/excluded: batch add 3 excluded reports

gopherbot · 2024-06-14T17:44:24Z

Change https://go.dev/cl/592763 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:55:02Z

Change https://go.dev/cl/606791 mentions this issue: data/reports: unexclude 20 reports (11)

- data/reports/GO-2023-2051.yaml - data/reports/GO-2023-2053.yaml - data/reports/GO-2023-2055.yaml - data/reports/GO-2023-2063.yaml - data/reports/GO-2023-2065.yaml - data/reports/GO-2023-2066.yaml - data/reports/GO-2023-2067.yaml - data/reports/GO-2023-2068.yaml - data/reports/GO-2023-2069.yaml - data/reports/GO-2023-2070.yaml - data/reports/GO-2023-2071.yaml - data/reports/GO-2023-2072.yaml - data/reports/GO-2023-2073.yaml - data/reports/GO-2023-2075.yaml - data/reports/GO-2023-2078.yaml - data/reports/GO-2023-2079.yaml - data/reports/GO-2023-2080.yaml - data/reports/GO-2023-2084.yaml - data/reports/GO-2023-2085.yaml - data/reports/GO-2023-2088.yaml Updates #2051 Updates #2053 Updates #2055 Updates #2063 Updates #2065 Updates #2066 Updates #2067 Updates #2068 Updates #2069 Updates #2070 Updates #2071 Updates #2072 Updates #2073 Updates #2075 Updates #2078 Updates #2079 Updates #2080 Updates #2084 Updates #2085 Updates #2088 Change-Id: I0103dfe39411ae2cf3d74933349260db7dc3496b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606791 Commit-Queue: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>

zpavlinovic self-assigned this Sep 18, 2023

zpavlinovic added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Sep 18, 2023

gopherbot closed this as completed in ad367cf Sep 19, 2023

This was referenced Aug 1, 2024

github.com/usememos/memos: CVE-2024-29029 tatianab/scratch#25

Open

github.com/usememos/memos: CVE-2024-29030 tatianab/scratch#26

Open

GoVulnBot mentioned this issue Aug 22, 2024

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-p4fx-qf2h-jpmj #3088

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-2g7r-9xq5-c6hv #2065

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-2g7r-9xq5-c6hv #2065

GoVulnBot commented Sep 18, 2023

gopherbot commented Sep 18, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-2g7r-9xq5-c6hv #2065

x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-2g7r-9xq5-c6hv #2065

Comments

GoVulnBot commented Sep 18, 2023

gopherbot commented Sep 18, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024