Описание
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.
Ссылки
- PatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.11.82.1218 (исключая)
cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02468
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
EPSS
Процентиль: 85%
0.02468
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22