5 matches found
GO-2020-0021 SQL Injection in github.com/gogits/gogs
Due to improper sanitization of user input, a number of methods are vulnerable to SQL injection if used with user input that has not been sanitized by the caller...
Cross-site Scripting (XSS)
github.com/gogits/gogs is vulnerable to cross-site scripting (XSS) attacks. The attacks can be triggered because a user can change their username to anything other than an empty string. This allows them to enter code which may be executed...
Cross-site Scripting (XSS)
github.com/gogits/gogs is vulnerable to cross-site scripting (XSS) attacks. The library's wiki templates do not sanitize user input, allowing a malicious user to inject and execute arbitrary code...
SQL Injection
github.com/gogits/gogs is vulnerable to SQL injection attacks. These attacks are possible through the label parameter given to the GetIssues function in models/issue.go...
Timing Attack
github.com/gogits/gogs is vulnerable to timing attacks. This vulnerability is caused because passwords are not validated in constant time, allowing malicious users to guess valid passwords based on the time that a validation takes...