CVE-2024-29029 Information

Description

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image endpoint that allows unauthenticated users to enumerate the internal network and retrieve images from it. The body of the fetched image response is then copied verbatim into the response of the current server request, so an attacker-controlled upstream can return HTML instead of an image, causing a reflected XSS vulnerability.
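The two defects described above, an unvalidated outbound fetch and an upstream body relayed without any content-type check, are best seen side by side with their fixes. The following Go code is an added example written for this page; it is not memos' own http_getter.go or the patch in the referenced commit. The function names (validateImageURL, copyImage, newImageClient), the offline staticResolver, and the image media-type allowlist are all assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// resolver abstracts DNS so the SSRF check can run offline in tests.
type resolver func(host string) ([]net.IP, error)

// staticResolver is a constructed, offline stand-in for DNS (assumption, not real lookup).
func staticResolver(table map[string][]net.IP) resolver {
	return func(host string) ([]net.IP, error) {
		if ip := net.ParseIP(host); ip != nil {
			return []net.IP{ip}, nil
		}
		if ips, ok := table[host]; ok {
			return ips, nil
		}
		return nil, fmt.Errorf("no such host: %s", host)
	}
}

// isInternalIP reports whether an image fetcher must never connect to ip.
func isInternalIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast()
}

// validateImageURL is the SSRF fix: only public http(s) URLs whose every
// resolved address is routable are accepted.
func validateImageURL(raw string, resolve resolver) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return nil, errors.New("missing host")
	}
	ips, err := resolve(host)
	if err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("cannot resolve %q", host)
	}
	for _, ip := range ips {
		if isInternalIP(ip) {
			return nil, fmt.Errorf("%q resolves to internal address %s", host, ip)
		}
	}
	return u, nil
}

// newImageClient re-runs the SSRF check on every redirect hop, so a public
// URL that 302s to an internal one is still refused.
func newImageClient(resolve resolver) *http.Client {
	return &http.Client{
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 3 {
				return errors.New("too many redirects")
			}
			_, err := validateImageURL(req.URL.String(), resolve)
			return err
		},
	}
}

// allowedImageTypes lists the only media types ever echoed to the browser.
var allowedImageTypes = map[string]bool{
	"image/png": true, "image/jpeg": true, "image/gif": true, "image/webp": true,
}

// copyImage is the XSS fix: relay the upstream body only if it claims to be an
// image, and pin the response headers so it can never be rendered as HTML.
func copyImage(w http.ResponseWriter, upstream *http.Response) error {
	raw := upstream.Header.Get("Content-Type")
	mediaType := strings.ToLower(strings.TrimSpace(strings.SplitN(raw, ";", 2)[0]))
	if !allowedImageTypes[mediaType] {
		http.Error(w, "upstream did not return an image", http.StatusBadGateway)
		return fmt.Errorf("rejected upstream content type %q", raw)
	}
	w.Header().Set("Content-Type", mediaType)
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.WriteHeader(http.StatusOK)
	_, err := io.Copy(w, io.LimitReader(upstream.Body, 10<<20)) // cap body at 10 MiB
	return err
}

func main() {
	res := staticResolver(map[string][]net.IP{"intranet.corp": {net.ParseIP("10.0.0.5")}})
	_, err := validateImageURL("http://intranet.corp/admin", res)
	fmt.Println("intranet fetch refused:", err)
}
```

Two caveats a practitioner should keep in mind: resolving the host in validateImageURL and then letting http.Client resolve it again at dial time leaves a DNS-rebinding window, so a production fix should also pin the validated IP in the dialer; and the media-type allowlist trusts the upstream Content-Type header, which is why the nosniff header is set as a second layer rather than relying on the allowlist alone.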

Reference

https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/
https://github.com/usememos/memos/commit/bbd206e8930281eb040cc8c549641455892b9eb5
https://github.com/usememos/memos/blob/06dbd8731161245444f4b50f4f9ed267f7c3cf63/api/v1/http_getter.go#L29
