CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go. | 8.8 |
High |
||
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | 9.8 |
Critical |
||
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | 9 |
Critical |
||
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. | 9.8 |
Critical |
||
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters. | 5.4 |
Medium |
||
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | 8.1 |
High |
||
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | 9.1 |
Critical |