Note:
This project will be discontinued after December 13, 2021. [more]
2018-08-07
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.
Products | Gogs |
Type | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601) |
First patch | - None (likely due to unavailable code) |
Links |
• https://github.com/gogs/gogs/issues/5364
• https://github.com/gogs/gogs/pull/5365 |