We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In GitHub Security Advisory GHSA-fg3x-rwq9-74cw, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
modules: - module: gogs.io/gogs versions: - {} vulnerable_at: 0.13.0 packages: - package: gogs.io/gogs - module: gogs.io/gogs versions: - {} vulnerable_at: 0.13.0 packages: - package: code.gitea.io/gitea summary: Gogs and Gitea SSRF Vulnerability description: |- An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. cves: - CVE-2018-15192 ghsas: - GHSA-fg3x-rwq9-74cw references: - web: https://nvd.nist.gov/vuln/detail/CVE-2018-15192 - report: https://github.com/go-gitea/gitea/issues/4624 - report: https://github.com/gogs/gogs/issues/5366 - advisory: https://github.com/advisories/GHSA-fg3x-rwq9-74cw
The text was updated successfully, but these errors were encountered:
Change https://go.dev/cl/514636 mentions this issue: data/excluded: batch add 31 excluded reports
data/excluded: batch add 31 excluded reports
Sorry, something went wrong.
2439098
Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports
data/reports: unexclude 75 reports
Change https://go.dev/cl/606789 mentions this issue: data/reports: unexclude 20 reports (9)
data/reports: unexclude 20 reports (9)
d168918
- data/reports/GO-2023-1955.yaml - data/reports/GO-2023-1956.yaml - data/reports/GO-2023-1957.yaml - data/reports/GO-2023-1959.yaml - data/reports/GO-2023-1961.yaml - data/reports/GO-2023-1962.yaml - data/reports/GO-2023-1965.yaml - data/reports/GO-2023-1971.yaml - data/reports/GO-2023-1972.yaml - data/reports/GO-2023-1973.yaml - data/reports/GO-2023-1977.yaml - data/reports/GO-2023-1979.yaml - data/reports/GO-2023-1980.yaml - data/reports/GO-2023-1982.yaml - data/reports/GO-2023-1985.yaml - data/reports/GO-2023-1986.yaml - data/reports/GO-2023-1991.yaml - data/reports/GO-2023-1993.yaml - data/reports/GO-2023-1995.yaml - data/reports/GO-2023-1996.yaml Updates #1955 Updates #1956 Updates #1957 Updates #1959 Updates #1961 Updates #1962 Updates #1965 Updates #1971 Updates #1972 Updates #1973 Updates #1977 Updates #1979 Updates #1980 Updates #1982 Updates #1985 Updates #1986 Updates #1991 Updates #1993 Updates #1995 Updates #1996 Change-Id: I681627cba89cee6d3bc2def3924c65a3b5da4453 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606789 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
neild
No branches or pull requests
In GitHub Security Advisory GHSA-fg3x-rwq9-74cw, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: