CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1986 – OS Command Injection in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-1986
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. Una Inyección de comandos del Sistema Operativo en el repositorio de GitHub gogs/gogs versiones anteriores a 0.12.9 • https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82 https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31038 – XSS vulnerability in repository issue list in Gogs
https://notcve.org/view.php?id=CVE-2022-31038
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters. • https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee https://github.com/gogs/gogs/pull/7009 https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 2%CPEs: 1EXPL: 1CVE-2022-1993 – Path Traversal in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-1993
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. Un Salto de Ruta en el repositorio de GitHub gogs/gogs versiones anteriores a 0.12.9 • https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1992 – Path Traversal in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-1992
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. Un Salto de Ruta en el repositorio de GitHub gogs/gogs versiones anteriores a 0.12.9 • https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0 https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1285 – Server-Side Request Forgery (SSRF) in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-1285
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el repositorio de GitHub gogs/gogs versiones anteriores a 0.12.8 • https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d • CWE-918: Server-Side Request Forgery (SSRF) •