Vulnerability — CVE-2024-29029

CVE-2024-29029

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2024-29029
Description:: memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file.
Last updated date:: 01/02/2025

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/02/2025
Reference url to background: https://securitylab.github.com/advisories/GHSL-2023-154_GHSL-2023-156_memos/