Affected by GO-2024-3046
and 13 other vulnerabilities
GO-2024-3046: memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos
GO-2024-3047: memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos
GO-2024-3049: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos
GO-2024-3088: memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos
GO-2025-3492: Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos
GO-2025-3831: Memos has Cross-Site Scripting (XSS) Vulnerability in Image URLs in github.com/usememos/memos
GO-2025-3936: Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos
GO-2025-3937: Memos Vulnerable to Stored Cross-Site Scripting in github.com/usememos/memos
GO-2025-4127: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos
GO-2025-4215: memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos
GO-2025-4216: memos vulnerability allows arbitrarily modification or deletion of attachments in github.com/usememos/memos
GO-2025-4217: memos vulnerability allows the creation of arbitrary accounts in github.com/usememos/memos
GO-2025-4218: memos lacks file name validation or verification in github.com/usememos/memos
GO-2025-4220: memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos
This package is not in the latest version of its module.
Documentation
¶
Package getter is using to get resources from url. * Get metadata for website; * Get image blob to avoid CORS;
This section is empty.
This section is empty.
Source Files