Site icon API Security Blog

Information Disclosure

github.com/usememos/memos is vulnerable to information disclosure. An attacker is able to make a private memo into a public memo in order to view it using the memo ID via making a PATCH request to `/api/memo/` and view the memo data of the victim.Read More

Exit mobile version