CVE-2018-17031
CVE-2018-17031 affects Gogs 0.11.53 where a crafted .eml file can trigger MIME-type sniffing, causing XSS. The root cause is the absence of the X-Content-Type-Options: nosniff header, enabling the browser to sniff MIME types and execute injected scripts. This is supported by multiple connected en...