Latest Gogs (gogs/gogs) Vulnerabilities

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
Gogs Gogs<0.12.11
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
Gogs Gogs>=0.6.5<=0.12.10
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly display...
Gogs Gogs<0.12.9
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
Gogs Gogs<0.12.9
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9 (a separate issue from the entry above; affects Gogs running on Microsoft Windows).
Gogs Gogs<0.12.9
Platform: Microsoft Windows
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
Gogs Gogs<0.12.9
Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration...
Gogs Gogs<0.12.8
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.
Gogs Gogs<0.12.8
Remote Command Execution when uploading a repository file in GitHub repository gogs/gogs prior to 0.12.6.
Gogs Gogs<0.12.6
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.
Gogs Gogs<0.12.5
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
Gogs Gogs<0.12.5
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not h...
Gogs Gogs>=0.5.5<=0.12.2
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.
Gogs Gogs=0.11.91
Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.
Gogs Gogs<=0.11.91
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.
Gogs Gogs=0.11.86
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE...
Gogs Gogs<0.11.82.1218
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to ...
Gogs Gogs<=0.11.66
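The two entries above (the ".." session-file forgery and the file-upload traversal into data/sessions), like the path traversal entries for 0.12.9, share one root cause: a user-controlled string is used as a path component under a trusted directory without first proving it cannot leave that directory. The following is an added example, not Gogs' code and not taken from the fixes: an allow-list check for session IDs and a SafeJoin that rejects any name escaping the base directory. The base directory, the session-ID format and the function names are assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrBadName is returned for any user-controlled name that must not be turned
// into a path under a trusted directory.
var ErrBadName = errors.New("unsafe name")

// sessionIDPattern is an allow-list for session IDs. The format is an
// assumption for this example (Gogs' real IDs may differ); the point is that a
// valid ID can never contain "/", "\" or ".", so no traversal is possible.
var sessionIDPattern = regexp.MustCompile(`^[A-Za-z0-9]{16,64}$`)

// ValidateSessionID decides on the bytes alone, before any path is built and
// before the filesystem is touched.
func ValidateSessionID(sid string) error {
	if !sessionIDPattern.MatchString(sid) {
		return ErrBadName
	}
	return nil
}

// SafeJoin joins a user-controlled relative name under base (assumed absolute
// and already cleaned) and proves the result still lies strictly inside base.
// Rejected: empty names, NUL bytes, backslashes (a separator on Windows that
// filepath ignores on Unix), absolute names, and anything that resolves to
// base itself or escapes it.
func SafeJoin(base, name string) (string, error) {
	if name == "" || strings.ContainsAny(name, "\x00\\") || filepath.IsAbs(name) {
		return "", ErrBadName
	}
	joined := filepath.Join(base, name) // Join cleans, so "sub/../x" becomes "x"
	rel, err := filepath.Rel(base, joined)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadName
	}
	return joined, nil
}

func main() {
	// Constructed inputs; the base directory is an assumption for this example.
	base := "/srv/gogs/data/sessions"
	for _, name := range []string{"a1b2c3", "../../../etc/passwd", "..", "sub/../ok.txt", `..\..\x`} {
		p, err := SafeJoin(base, name)
		fmt.Printf("%-22q -> path=%q err=%v\n", name, p, err)
	}
	for _, sid := range []string{"0123456789abcdef0123456789abcdef", "../../data/sessions/x"} {
		fmt.Printf("session %q valid=%v\n", sid, ValidateSessionID(sid) == nil)
	}
}
```

Two caveats a practitioner should keep in mind: run the check on the decoded value (after URL or multipart decoding), since "%2e%2e" only becomes ".." later; and SafeJoin is a lexical check, so if the tree under base can contain symlinks, additionally open files through os.Root (Go 1.24+) or compare against filepath.EvalSymlinks of the result.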
In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is...
Gogs Gogs=0.11.53
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.
Gogs Gogs=0.11.53
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
Gitea Gitea<1.5.0
Gitea Gitea=1.5.0-rc1
Gitea Gitea=1.5.0-rc2
Gogs Gogs<=0.11.53
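The webhook and migrate SSRF entries (this one, the 0.11.53 migrate issue, and the SSRF fixes in 0.12.5 and 0.12.8) all come down to the server fetching a user-supplied URL without deciding whether the destination is one it should ever talk to. Below is an added example of such a destination check, written for this page and not taken from Gogs: it accepts only http/https, resolves the host, and refuses if any resolved address is loopback, private, link-local (which covers the 169.254.169.254 cloud metadata endpoint) or otherwise internal. The injected Resolver, the StaticResolver table and the function names are assumptions so that the example runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/url"
)

// ErrForbiddenTarget marks a webhook or migration URL that must not be fetched.
var ErrForbiddenTarget = errors.New("forbidden outbound target")

// extraBlocked adds ranges that net.IP's own predicates do not cover:
// CGNAT (100.64.0.0/10) and "this" network (0.0.0.0/8). Assumed policy.
var extraBlocked = mustCIDRs("100.64.0.0/10", "0.0.0.0/8")

func mustCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// isBlocked rejects loopback, RFC 1918 / IPv6 ULA, link-local (includes
// 169.254.169.254), unspecified and multicast addresses, plus extraBlocked.
func isBlocked(ip net.IP) bool {
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast() {
		return true
	}
	for _, n := range extraBlocked {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Resolver is the DNS lookup used by CheckOutboundURL; injected so the check
// can be exercised offline with constructed answers.
type Resolver func(ctx context.Context, host string) ([]net.IPAddr, error)

// StaticResolver returns a Resolver backed by a fixed host -> IP table.
func StaticResolver(table map[string][]string) Resolver {
	return func(_ context.Context, host string) ([]net.IPAddr, error) {
		lits, ok := table[host]
		if !ok {
			return nil, fmt.Errorf("no such host: %s", host)
		}
		var addrs []net.IPAddr
		for _, l := range lits {
			addrs = append(addrs, net.IPAddr{IP: net.ParseIP(l)})
		}
		return addrs, nil
	}
}

// CheckOutboundURL validates a user-supplied webhook/migration URL and returns
// the concrete IPs the caller may dial. Every resolved address must pass: a
// name that resolves to one public and one internal IP is rejected, because
// the HTTP client would otherwise be free to pick the internal one.
func CheckOutboundURL(ctx context.Context, raw string, resolve Resolver) ([]net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, ErrForbiddenTarget // no file://, gopher://, etc.
	}
	host := u.Hostname()
	if host == "" {
		return nil, ErrForbiddenTarget
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address: no DNS involved
	} else {
		addrs, err := resolve(ctx, host)
		if err != nil {
			return nil, err
		}
		for _, a := range addrs {
			ips = append(ips, a.IP)
		}
	}
	if len(ips) == 0 {
		return nil, ErrForbiddenTarget
	}
	for _, ip := range ips {
		if isBlocked(ip) {
			return nil, ErrForbiddenTarget
		}
	}
	return ips, nil
}

func main() {
	// Constructed DNS answers; 203.0.113.0/24 is the TEST-NET-3 documentation range.
	resolve := StaticResolver(map[string][]string{
		"hooks.example.com":  {"203.0.113.10"},
		"rebind.example.com": {"203.0.113.10", "10.0.0.5"},
	})
	for _, raw := range []string{
		"https://hooks.example.com/notify",
		"http://127.0.0.1:3000/api/v1/admin/users",
		"http://169.254.169.254/latest/meta-data/",
		"http://rebind.example.com/",
		"http://[::1]:3000/",
		"file:///etc/passwd",
	} {
		ips, err := CheckOutboundURL(context.Background(), raw, resolve)
		fmt.Printf("%-45s -> ips=%v err=%v\n", raw, ips, err)
	}
}
```

The check is only as good as what is dialed afterwards: the caller must connect to the returned IPs (for example through a custom DialContext) rather than re-resolving the name, or a DNS rebinding answer defeats it; redirects must be re-checked per hop; and because net.ParseIP rejects shorthand forms such as decimal or octal addresses, those fall through to the resolver, so the post-resolution IP check, not the literal parse, is what actually protects.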
A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.
Gogs Gogs=0.11.53

© 2024 SecAlerts Pty Ltd.