CVE-2018-18925
First published: Sun Nov 04 2018(Updated: )
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gogs Gogs | <=0.11.66 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2018-18925.
What is the severity level of CVE-2018-18925?
The severity level of CVE-2018-18925 is critical.
How does CVE-2018-18925 allow remote code execution?
CVE-2018-18925 allows remote code execution by not properly validating session IDs, allowing for a session-file forgery.
What version of Gogs is affected by CVE-2018-18925?
Gogs version 0.11.66 is affected by CVE-2018-18925.
Is there a fix available for CVE-2018-18925?
Yes, a fix is available for CVE-2018-18925. Please refer to the provided reference for more information.
- collector/nvd-index
- agent/author
- agent/type
- vendor/gogs
- canonical/gogs gogs
- version/gogs gogs/0.11.66