Note:
This project will be discontinued after December 13, 2021. [more]
2018-12-19
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.
Products | Gogs |
Type | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
First patch |
https://github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce |
Relevant file/s |
• ./gogs.go (modified, +1, -1)
• ./pkg/tool/path.go (modified, +3, -1) • ./pkg/tool/path_test.go (modified, +1) • ./templates/.VERSION (modified, +1, -1) |
Links |
• https://pentesterlab.com/exercises/cve-2018-18925/
• https://github.com/gogs/gogs/issues/5558 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: