PT-2024-22682 · Memos · Memos

Kevin Stubbings

Published

2024-04-18

Updated

2025-03-26

CVE-2024-29029

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions memos versions 0.13.2 through 0.21.x

Description memos is a privacy-first, lightweight note-taking service. An SSRF vulnerability exists at the "/o/get/image" API endpoint that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability.

Recommendations For memos versions 0.13.2 through 0.21.x, update to version 0.22.0 to resolve the issue. As a temporary workaround, consider disabling access to the "/o/get/image" API endpoint until a patch is available.

Exploit

Fix

SSRF

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918CWE-79

Related Identifiers

CVE-2024-29029

GHSA-9CQM-MGV9-VV9J

GO-2024-3049

Affected Products

Memos

PT-2024-22682 · Memos · Memos

CVE-2024-29029

Weakness Enumeration

Related Identifiers

Affected Products

References · 14