memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.

Affected Packages

Go github.com/usememos/memos

Affected versions: 0 (fixed in 0.16.1)

Related CVEs

CVE-2024-29028

Key Information

GHSA ID

GHSA-6fcf-g3mp-xj2x

Published

August 5, 2024 9:29 PM

Last Modified

August 5, 2024 9:29 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/usememos/memos

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.