CVE-2018-17031: XSS
First published: Fri Sep 14 2018(Updated: )
In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gogs Gogs | =0.11.53 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-17031?
CVE-2018-17031 is a vulnerability in Gogs 0.11.53 that allows an attacker to trigger MIME type sniffing, leading to XSS.
How does the vulnerability in Gogs 0.11.53 work?
The vulnerability in Gogs 0.11.53 allows an attacker to use a crafted .eml file to trigger MIME type sniffing, which can result in XSS.
What is the severity of CVE-2018-17031?
The severity of CVE-2018-17031 is medium with a CVSS score of 6.1.
How can I fix the vulnerability in Gogs 0.11.53?
To fix the vulnerability in Gogs 0.11.53, you need to update to version 0.12.0 or newer.
Where can I find more information about CVE-2018-17031?
You can find more information about CVE-2018-17031 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-17031), [GitHub Advisory](https://github.com/advisories/GHSA-px5r-fqj6-r2f8)
- collector/nvd-cve
- collector/nvd-index
- collector/github-advisory
- alias/GHSA-px5r-fqj6-r2f8
- alias/CVE-2018-17031
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/weakness
- vendor/gogs
- canonical/gogs gogs
- version/gogs gogs/0.11.53
- package-manager/go