4 matches found
CVE-2018-18925
Gogs 0.11.66 is vulnerable to remote code execution due to improper validation of session IDs, demonstrated by a ".." session-file forgery in the file.go session provider. The issue stems from session handling in the Macaron-based go-macaron/session code, allowing an attacker to map a crafted ses...
Design/Logic Flaw
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron...
CVE-2018-18925
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron...
PT-2018-14725 · Go Gitea · Gogs
Name of the Vulnerable Software and Affected Versions: Gogs version 0.11.66
Description: The issue allows remote code execution due to improper validation of session IDs. This can be exploited through a ".." session-file forgery in the file session provider, specifically in the file.go file. The...