CVE-2022-4851 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
@huntrdev	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Vendor	Product	Version
usememos	memos	𝑥 < 0.9.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-229 - Improper Handling of Values
The software does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.

References

https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53

https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f

https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53

https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f