GHSA-jh6x-7xfg-9cq2: Searching Opencast may cause a denial of service

GHSA-gjcc-jvgw-wvwj: Litestar allows unbounded resource consumption (DoS vulnerability) 

GHSA-r4pg-vg54-wxx4: cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs

GHSA-9c5p-35gj-jqp4: Rancher Helm Applications may have sensitive values leaked

GHSA-ffp2-8p2h-4m5j: Password Pusher rate limiter can be bypassed by forging proxy headers

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the `/o/get/image` that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file.

**memos vulnerable to Server-Side Request Forgery and Cross-site Scripting**

Moderate severity GitHub Reviewed Published Aug 5, 2024 to the GitHub Advisory Database • Updated Aug 5, 2024

Headline

GHSA-9cqm-mgv9-vv9j: memos vulnerable to Server-Side Request Forgery and Cross-site Scripting

ghsa: Latest News