CVE-2024-29028

nvd nist nuclei

Published: Apr 19, 2024Modified: Jul 7, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.

Affected (1)

Products: Usememos: Memos

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Usememos Memos	From 0.13.2 to 0.16.1

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9

Source: security-advisories@github.com

Patch

https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/usememos/memos/commit/6ffc09d86a1302c384ef085aa70c7bddb3ce7ba9

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.