Vulnerabilities (CVE)

Filtered by vendor Gogs Subscribe
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16409 1 Gogs 1 Gogs 2024-11-21 5.0 MEDIUM 8.6 HIGH
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.
CVE-2018-15193 1 Gogs 1 Gogs 2024-11-21 6.8 MEDIUM 8.8 HIGH
A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.
CVE-2018-15192 2 Gitea, Gogs 2 Gitea, Gogs 2024-11-21 5.0 MEDIUM 8.6 HIGH
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
CVE-2018-15178 1 Gogs 1 Gogs 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.
CVE-2022-1884 2 Gogs, Microsoft 2 Gogs, Windows 2024-11-19 N/A 9.8 CRITICAL
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution.