| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/usememos/memos | go | < 0.9.0 | 0.9.0 |

The vulnerability stemmed from the structs used in PATCH operations exposing their ID fields in JSON payloads. The patch added `json:"-"` tags to those fields so that the ID can no longer be deserialized from user input. This indicates that the original implementations allowed clients to specify resource IDs in update requests, bypassing server-side access control checks. Every modified struct with an ID field in the API handlers was a vulnerable entry point for ID manipulation attacks.
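The effect of the tag, as an added example that is not code from the memos repository: the struct names, the field set and the handler flow (ID taken from the route, then the body decoded into the same struct) are assumptions made for illustration, and the request bodies are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical patch struct before the fix: ID has a JSON name,
// so a key in the request body can overwrite it.
type MemoPatchBefore struct {
	ID      int     `json:"id"`
	Content *string `json:"content"`
}

// Hypothetical patch struct after the fix: json:"-" makes
// encoding/json ignore the field when decoding and encoding.
type MemoPatchAfter struct {
	ID      int     `json:"-"`
	Content *string `json:"content"`
}

// decodeBefore models a handler that sets the ID from the route
// (the resource the caller was authorized for) and then decodes the body.
// It returns the ID the update would be applied to.
func decodeBefore(pathID int, body []byte) (int, error) {
	p := MemoPatchBefore{ID: pathID}
	if err := json.Unmarshal(body, &p); err != nil {
		return 0, err
	}
	return p.ID, nil
}

// decodeAfter is the same flow with the patched struct.
func decodeAfter(pathID int, body []byte) (int, error) {
	p := MemoPatchAfter{ID: pathID}
	if err := json.Unmarshal(body, &p); err != nil {
		return 0, err
	}
	return p.ID, nil
}

func main() {
	body := []byte(`{"id": 2, "content": "edited"}`) // constructed request body
	before, _ := decodeBefore(1, body)
	after, _ := decodeAfter(1, body)
	fmt.Printf("route ID 1 -> before fix: %d, after fix: %d\n", before, after)
}
```

`encoding/json` matches keys case-insensitively, so `"ID"` or `"Id"` in the body reaches the unpatched field as well; with `json:"-"` no key maps to it.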