data/reports/GO-2025-4127.yaml - vulndb - Git at Google

 id: GO-2025-4127
 modules:
     - module: github.com/usememos/memos
       unsupported_versions:
         - last_affected: 0.18.1
       vulnerable_at: 0.25.2
 summary: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos
 cves:
     - CVE-2024-21635
 ghsas:
     - GHSA-mr34-8733-grr2
 references:
     - advisory: https://github.com/usememos/memos/security/advisories/GHSA-mr34-8733-grr2
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-21635
     - web: http://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
     - web: https://owasp.org/Top10/A04_2021-Insecure_Design
 source:
     id: GHSA-mr34-8733-grr2
     created: 2025-11-17T12:49:15.335877024-05:00
 review_status: UNREVIEWED
	id: GO-2025-4127
	modules:
	- module: github.com/usememos/memos
	unsupported_versions:
	- last_affected: 0.18.1
	vulnerable_at: 0.25.2
	summary: Memos' Access Tokens Stay Valid after User Password Change in github.com/usememos/memos
	cves:
	- CVE-2024-21635
	ghsas:
	- GHSA-mr34-8733-grr2
	references:
	- advisory: https://github.com/usememos/memos/security/advisories/GHSA-mr34-8733-grr2
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-21635
	- web: http://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
	- web: https://owasp.org/Top10/A04_2021-Insecure_Design
	source:
	id: GHSA-mr34-8733-grr2
	created: 2025-11-17T12:49:15.335877024-05:00
	review_status: UNREVIEWED