GHSA-9rcw-c2f9-2j55: OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

GHSA-76c9-3jph-rj3q: on-headers is vulnerable to http response header manipulation

GHSA-fjgf-rc76-4x9p: Multer vulnerable to Denial of Service via unhandled exception from malformed request

GHSA-29cq-5w36-x7w3: Livewire is vulnerable to remote command execution during component property update hydration

GHSA-hfj7-542q-8fvv: DiracX-Web is vulnerable to attack through an Open Redirect on its login page

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account.

**memos CORS Misconfiguration in server.go (GHSL-2024-034)**

High severity GitHub Reviewed Published Aug 22, 2024 to the GitHub Advisory Database • Updated Aug 22, 2024

Headline

GHSA-p4fx-qf2h-jpmj: memos CORS Misconfiguration in server.go (GHSL-2024-034)

ghsa: Latest News