Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/usememos/memos | go | <= 0.9.0 | - |
The vulnerability stems from two missing protections: 1) the session cookie issued in setUserSession was set without SameSite=Strict, so browsers attached it to requests made from cross-site contexts; 2) the server setup registered no CSRF middleware (Echo's middleware.CSRFWithConfig), leaving every endpoint unprotected. The fixing commit addresses both by enforcing the SameSite attribute on the session cookie and adding CSRF token validation, which identifies these two points as the vulnerable ones.
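As an added illustration (not the memos code and not Echo's middleware.CSRFWithConfig that the fix used), the same two protections written against Go's standard net/http: a session cookie carrying SameSite=Strict, and a double-submit CSRF check in front of state-changing methods. Cookie and header names are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"net/http"
	"net/http/httptest"
)

const sessionCookie, csrfCookie, csrfHeader = "session_id", "csrf_token", "X-CSRF-Token" // constructed names

// setUserSession issues the session cookie with SameSite=Strict; the vulnerable
// version omitted SameSite, so browsers attached the cookie to cross-site requests.
func setUserSession(w http.ResponseWriter, id string) {
	http.SetCookie(w, &http.Cookie{Name: sessionCookie, Value: id, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteStrictMode})
}

// csrfMiddleware is a double-submit-cookie check standing in for Echo's CSRFWithConfig:
// safe methods pass, state-changing ones must repeat the csrf cookie value in a header.
func csrfMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions {
			next.ServeHTTP(w, r)
			return
		}
		c, err := r.Cookie(csrfCookie)
		if err != nil || c.Value == "" ||
			subtle.ConstantTimeCompare([]byte(c.Value), []byte(r.Header.Get(csrfHeader))) != 1 {
			http.Error(w, "invalid CSRF token", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe runs one request through the middleware and returns the status code.
func probe(method, cookieTok, headerTok string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(method, "/api/memo", nil)
	if cookieTok != "" {
		req.AddCookie(&http.Cookie{Name: csrfCookie, Value: cookieTok})
	}
	req.Header.Set(csrfHeader, headerTok)
	rec := httptest.NewRecorder()
	csrfMiddleware(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	println(probe(http.MethodPost, "tok", ""), probe(http.MethodPost, "tok", "tok")) // 403 200
}
```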