CVE-2022-4850: chore: fix CSRF (#876) · usememos/memos@c9bb2b7

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

chore: fix CSRF (#876)

1 parent 64e5c34 commit c9bb2b785dc5852655405d5c9ab127a2d5aa3948

Showing 2 changed files with 5 additions and 0 deletions.

    • acl.go
    • server.go

@@ -27,6 +27,7 @@ func setUserSession(ctx echo.Context, user *api.User) error {

Path: "/",

MaxAge: 3600 * 24 * 30,

HttpOnly: true,

SameSite: http.SameSiteStrictMode,

}

sess.Values[userIDContextKey] = user.ID

err := sess.Save(ctx.Request(), ctx.Response())
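Review bot: `SameSite: http.SameSiteStrictMode` on the session cookie is a sound mitigation, but it relies entirely on the browser honouring SameSite and it also withholds the cookie on top-level navigations from other sites, so a user who follows a link into memos from elsewhere will land logged out; `http.SameSiteLaxMode` still keeps the cookie off cross-site POST/PUT/DELETE requests (the ones CSRF needs) while preserving those navigations, so consider whether Strict is really wanted here. The visible options (`Path`, `MaxAge`, `HttpOnly`, `SameSite`) do not set `Secure: true`; if the cookie is meant to be used over HTTPS, that flag should be set alongside `HttpOnly`, and the 30-day `MaxAge` deserves a comment explaining the chosen lifetime.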

@@ -36,6 +36,10 @@ func NewServer(profile *profile.Profile) *Server {

`"status":${status},"error":"${error}"}` + "\n",

}))

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{

TokenLookup: "cookie:_csrf",

}))

e.Use(middleware.CORS())

e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
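Review bot: `TokenLookup: "cookie:_csrf"` makes the CSRF check ineffective: `_csrf` is also the default `CookieName` under which Echo's CSRF middleware stores the token, so the submitted token is read from the very cookie it is compared against and any request that carries that cookie passes. Browsers attach cookies to cross-site requests too, which is the case this middleware is meant to stop, so the check adds no protection over the SameSite change in `acl.go`. The token has to arrive through a channel a cross-site page cannot set, e.g. `TokenLookup: "header:X-CSRF-Token"` (or `"form:_csrf"`), with the frontend reading the `_csrf` cookie and echoing it in that header (double-submit pattern); that needs a client-side change, which is not part of this two-file commit, and the Go-only change here should not be described as a complete CSRF fix without it.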


Related news

GHSA-c5hq-35h7-r9x4: usememos/memos Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
