4 matches found
CVE-2026-47267
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects allowing to access hostname inside localCIDRs. This vulnerability ...
CVE-2026-47267 Gogs: SSRF in webhook deliveries
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the fix for CVE-2022-1285 prevents adding webooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects allowing to access hostname inside localCIDRs. This vulnerability ...
SSRF in repository migration
Impact The malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected. Patches Internal network CIDRs are prohibited to be used as repository migration targets. Users should upgrade to...
GHSA-7V5R-R995-Q2X2 SSRF in repository migration
Gogs is a self-hosted Git service. The malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected. Internal network CIDRs are prohibited to be used as repository migration targets. Users...