CVE-2022-4734

Name of the Vulnerable Software and Affected Versions usememos/memos versions prior to 0.9.1

Description The issue concerns the exposure of sensitive user information, including names, email, role, and OpenID, to an authenticated user. This is due to improper removal of sensitive information before storage or transfer. A patch is available to address this issue.

Recommendations For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the endpoint that leaks user information until the patch is applied.