CVE-2022-4683: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

December 23, 2022 (updated December 27, 2022)

Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository usememos/memos prior to 0.9.0.

References

github.com/advisories/GHSA-qcw2-492v-57xj
github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e
huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef
nvd.nist.gov/vuln/detail/CVE-2022-4683

Detect and mitigate CVE-2022-4683 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →