CVE-2022-2024 – OS Command Injection in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-2024
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. • https://github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41 https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-32174 – Gogs - XSS
https://notcve.org/view.php?id=CVE-2022-32174
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. • https://github.com/gogs/gogs/blob/v0.12.10/public/js/gogs.js#L263 https://www.mend.io/vulnerability-database/CVE-2022-32174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1986 – OS Command Injection in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-1986
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. • https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82 https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-31038 – XSS vulnerability in repository issue list in Gogs
https://notcve.org/view.php?id=CVE-2022-31038
Gogs is an open source self-hosted Git service. In versions of Gogs prior to 0.12.9, `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when it is displayed directly in the issue list. This issue has been resolved in commit 155cae1d, which sanitizes `DisplayName` prior to display to the user. All users of Gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters. • https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee https://github.com/gogs/gogs/pull/7009 https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1993 – Path Traversal in gogs/gogs
https://notcve.org/view.php?id=CVE-2022-1993
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. • https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')