Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-4609: chore: restrict the html file (#749) · usememos/memos@726285e

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.

CVE
Open in Source
#xss#vulnerability#git

Skip to content

Sign up

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

    • For

    • Enterprise

    • Teams

    • Startups

    • Education

    • By Solution

    • CI/CD & Automation

    • DevOps

    • DevSecOps

    • Case Studies

    • Customer Stories

    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections

  • Pricing

  • In this repository All GitHub

  • No suggested jump to results

  • In this repository All GitHub

  • In this organization All GitHub

  • In this repository All GitHub

Sign in

Sign up

usememos / memos Public

  • Notifications
  • Fork 264
  • Star 4.7k
  • Code
  • Issues 39
  • Pull requests 1
  • Discussions
  • Actions
  • Projects 1
  • Wiki
  • Security
  • Insights

More

Permalink

Browse files

chore: restrict the html file (#749)

* restrict the html file

* replace spaces with table

* remove space

  • Loading branch information

lujiefsi committed

Dec 19, 2022

1 parent bd6ab71 commit 726285e63467820f94cbf872abe71025a161c212

Showing 1 changed file with 5 additions and 0 deletions.

5 server/resource.go

Show comments View file

@@ -7,6 +7,7 @@ import (

“net/http”

“net/url”

“strconv”

“strings”

“time”

“github.com/usememos/memos/api”

@@ -42,6 +43,10 @@ func (s *Server) registerResourceRoutes(g *echo.Group) {

}

filename := file.Filename

if strings.HasSuffix(filename, “.html”) {

return echo.NewHTTPError(http.StatusBadRequest, “html file is not allowed”)

}

filetype := file.Header.Get(“Content-Type”)

size := file.Size

src, err := file.Open()

0 comments on commit 726285e

Please sign in to comment.

Related news

GHSA-rgj5-jj5q-v3v7: Memos Cross-site Scripting vulnerability

Memos, an open-source, self-hosted memo hub, is vulnerable to stored Cross-site Scripting (XSS) in versions 0.8.3 and prior. A patch is available and anticipated to be part of version 0.9.0.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE