-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/gogs/gogs: CVE-2022-31038 #483
Labels
excluded: NOT_IMPORTABLE
This vulnerability only exists in a binary and is not importable.
Comments
Not a public package. |
neild
added
excluded: NOT_IMPORTABLE
This vulnerability only exists in a binary and is not importable.
and removed
NotGoVuln
labels
Aug 10, 2022
Change https://go.dev/cl/592768 mentions this issue: |
This was referenced Jul 4, 2024
Change https://go.dev/cl/607219 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 21, 2024
- data/reports/GO-2022-0457.yaml - data/reports/GO-2022-0458.yaml - data/reports/GO-2022-0459.yaml - data/reports/GO-2022-0471.yaml - data/reports/GO-2022-0473.yaml - data/reports/GO-2022-0480.yaml - data/reports/GO-2022-0482.yaml - data/reports/GO-2022-0483.yaml - data/reports/GO-2022-0490.yaml - data/reports/GO-2022-0491.yaml - data/reports/GO-2022-0494.yaml - data/reports/GO-2022-0495.yaml - data/reports/GO-2022-0496.yaml - data/reports/GO-2022-0497.yaml - data/reports/GO-2022-0498.yaml - data/reports/GO-2022-0499.yaml - data/reports/GO-2022-0500.yaml - data/reports/GO-2022-0501.yaml - data/reports/GO-2022-0502.yaml - data/reports/GO-2022-0505.yaml Updates #457 Updates #458 Updates #459 Updates #471 Updates #473 Updates #480 Updates #482 Updates #483 Updates #490 Updates #491 Updates #494 Updates #495 Updates #496 Updates #497 Updates #498 Updates #499 Updates #500 Updates #501 Updates #502 Updates #505 Change-Id: I92c5f4afd83bb1c6bd9f448bc65ca730c64ce770 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607219 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2022-31038 references github.com/gogs/gogs, which may be a Go module.
Description:
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9
DisplayName
does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizesDisplayName
prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.Links:
DisplayName
gogs/gogs#7009See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: