Moderate severityNVD Advisory· Updated Dec 28, 2022

CVE-2022-4685

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/usememos/memosGo	< 0.9.0	0.9.0

Patches

dca35bde877a

fix: disable decode patch id (#831)

https://github.com/usememos/memosboojackDec 23, 2022via ghsa

commit

4 files changed · +4 −4

api/memo.go+1 −1 modified

@@ -57,7 +57,7 @@ type MemoCreate struct {
 }
 
 type MemoPatch struct {
-	ID int
+	ID int `json:"-"`
 
 	// Standard fields
 	CreatedTs *int64 `json:"createdTs"`

api/resource.go+1 −1 modified

@@ -41,7 +41,7 @@ type ResourceFind struct {
 }
 
 type ResourcePatch struct {
-	ID int
+	ID int `json:"-"`
 
 	// Standard fields
 	UpdatedTs *int64

api/shortcut.go+1 −1 modified

@@ -24,7 +24,7 @@ type ShortcutCreate struct {
 }
 
 type ShortcutPatch struct {
-	ID int
+	ID int `json:"-"`
 
 	// Standard fields
 	UpdatedTs *int64

api/user.go+1 −1 modified

@@ -69,7 +69,7 @@ func (create UserCreate) Validate() error {
 }
 
 type UserPatch struct {
-	ID int
+	ID int `json:"-"`
 
 	// Standard fields
 	UpdatedTs *int64

Vulnerability mechanics

Not enough inputs (no patches or CWE) to synthesize mechanics for this CVE.

References

github.com/advisories/GHSA-9v48-2h5x-fvpmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-4685ghsaADVISORY
github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9ghsaWEB
huntr.dev/bounties/015dbf52-8924-4aad-86d7-892cb61157afghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000