CVE-2022-4851
Published 2022-12-29
CVE-2022-4851: Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
Priority: P4 · 23 · medium · 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.77% (51.1th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | usememos_memos | >= 0 < 0.9.1 | 0.9.1 |
| usememos | memos | < 0.9.1 | 0.9.1 |
| usememos | usememos_memos | >= unspecified < 0.9.1 | 0.9.1 |
CVSS provenance
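| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |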
OSV
sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos
osv·2024-08-20
CVE-2022-4851 sememos/memos vulnerable to Improper Handling of Values in github.com/usememos/memos
OSV
sememos/memos vulnerable to Improper Handling of Values
osv·2022-12-29
CVE-2022-4851 [MEDIUM] sememos/memos vulnerable to Improper Handling of Values
In usememos/memos 0.9.0 and prior, an attacker can post malicious content to another user's memos page via POST request.
GHSA
sememos/memos vulnerable to Improper Handling of Values
ghsa·2022-12-29
CVE-2022-4851 [MEDIUM] CWE-229 sememos/memos vulnerable to Improper Handling of Values
In usememos/memos 0.9.0 and prior, an attacker can post malicious content to another user's memos page via POST request.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-12-29