CVE-2018-18925

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.
References
Link Resource
https://github.com/gogs/gogs/issues/5469 Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-11-04 05:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-18925

Mitre link : CVE-2018-18925

CVE.ORG link : CVE-2018-18925


JSON object : View

Products Affected

gogs

  • gogs
CWE
CWE-384

Session Fixation