logo

Database

Lack of data validation - Path Traversal In gogs.io/gogs

Description

Gogs Directory Traversal In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-203032. NVD-2018-203033. OSV-2018-203034. GCVE-2018-20303

References

1. https://github.com/gogs/gogs/issues/55582. https://github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce3. https://pentesterlab.com/exercises/cve-2018-18925

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.