x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-q347-cg56-pcq4

[GoVulnBot]

In GitHub Security Advisory GHSA-q347-cg56-pcq4, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
gogs.io/gogs	0.12.5	< 0.12.5

See doc/triage.md for instructions on how to triage this report.

package: gogs.io/gogs
versions:
  - introduced: v0.0.0
    fixed: v0.12.5
description: |
    ### Impact

    The malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected.

    ### Patches

    Internal network CIDRs are prohibited to be used as repository migration targets. Users should upgrade to 0.12.5 or the latest 0.13.0+dev.

    ### Workarounds

    Run Gogs in its own private network.

    ### References

    https://www.huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531/

    ### For more information

    If you have any questions or comments about this advisory, please post on #6754.
published: 2022-03-14T22:57:00Z
last_modified: 2022-03-18T13:33:22Z
ghsas:
  - GHSA-q347-cg56-pcq4

[neild]

Vulnerability in tool.

[gopherbot]

Change https://go.dev/cl/592767 mentions this issue: data/reports: unexclude 50 reports

[gopherbot]

Change https://go.dev/cl/607217 mentions this issue: data/reports: unexclude 20 reports (15)