GHSA-W6J9-VW59-27WV Gogs has an Authentication Bypass via Unvalidated Reverse Proxy Headers
Summary When ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. Any remote attacker who can reach the Gogs service can for...