Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20303 | 1 Gogs | 1 Gogs | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925. | |||||
CVE-2018-15178 | 1 Gogs | 1 Gogs | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go. | |||||
CVE-2018-17031 | 1 Gogs | 1 Gogs | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent. |