
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. • https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82 • https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters. • https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee • https://github.com/gogs/gogs/pull/7009 • https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 • EPSS: 2% • CPEs: 1 • EXPL: 1

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. • https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf • https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. • https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0 • https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. • https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f • https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d • CWE-918: Server-Side Request Forgery (SSRF)