logo

Database

Reflected cross-site scripting (XSS) In gogs.io/gogs

Description

Gogs XSS Vulnerability In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-170312. NVD-2018-170313. OSV-2018-170314. GCVE-2018-17031

References

1. https://github.com/gogs/gogs/issues/53972. https://github.com/gogs/gogs/pull/60083. https://github.com/gogs/gogs/commit/e14b6abf9dae13bc087c9d9db8fe7c7a5125c792

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.