0.001 Low
EPSS
Percentile
50.8%
github.com/gogs/gogs is vulnerable to server-side request forgery. An attacker can send malicious requests on behalf of the server into the network-internal hosts through the ParseRemoteAddr function of repo.go.
ParseRemoteAddr
repo.go
github.com/advisories/GHSA-7v5r-r995-q2x2
github.com/advisories/GHSA-q347-cg56-pcq4
github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb
github.com/gogs/gogs/pull/6812
huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531