Gogs 0.12.8 Release Candidate 1

CPE Details

Gogs 0.12.8 Release Candidate 1
0.12.8
2022-06-13
16h09 +00:00
2022-06-14
11h22 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gogs:gogs:0.12.8:rc1:*:*:*:*:*:*

Informations

Vendor

gogs

Product

gogs

Version

0.12.8

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-44625 2024-11-14 23h00 +00:00 Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
8.8
High
CVE-2022-2024 2023-02-25 00h00 +00:00 OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
9.8
Critical
CVE-2022-32174 2022-10-11 14h20 +00:00 In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
9
Critical
CVE-2022-1986 2022-06-09 01h35 +00:00 OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
9.8
Critical
CVE-2022-31038 2022-06-08 15h40 +00:00 Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.
5.4
Medium
CVE-2022-1993 2022-06-08 11h55 +00:00 Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
8.1
High
CVE-2022-1992 2022-06-08 11h30 +00:00 Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
9.1
Critical