{"id":"GO-2023-2038","summary":"Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos","details":"Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos in github.com/usememos/memos","aliases":["CVE-2023-4696","GHSA-j2gj-g3p9-7mrr"],"modified":"2026-03-17T04:47:54.758577Z","published":"2024-08-21T14:17:52Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2023-2038"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-j2gj-g3p9-7mrr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4696"},{"type":"FIX","url":"https://github.com/usememos/memos/commit/c9aa2eeb9852047e4f41915eb30726bd25f07ecd"},{"type":"WEB","url":"https://huntr.dev/bounties/4747a485-77c3-4bb5-aab0-21253ef303ca"}],"affected":[{"package":{"name":"github.com/usememos/memos","ecosystem":"Go","purl":"pkg:golang/github.com/usememos/memos"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.13.2"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2038.json"}}],"schema_version":"1.7.5"}