CVE-2018-20303 - Vulncode-DB

CVE-2018-20303 (NVD)

2018-12-19

In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.

Products	Gogs
Type	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
First patch	https://github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce
Relevant file/s	• ./gogs.go (modified, +1, -1) • ./pkg/tool/path.go (modified, +3, -1) • ./pkg/tool/path_test.go (modified, +1) • ./templates/.VERSION (modified, +1, -1)
Links	• https://pentesterlab.com/exercises/cve-2018-18925/ • https://github.com/gogs/gogs/issues/5558

gogs - Tree: ff93d9dbda

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: