CVE-2014-8681
MEDIUM 6.5 | EPSS 5.2%
SQL Injection in github.com/gogits/gogs
Published: 6/29/2021
Modified: 5/20/2024
Description
Due to improper sanitization of user input, a number of methods are vulnerable to SQL injection if used with user input that has not been sanitized by the caller.
Affected packages (3)
- Go/github.com/gogits/gogs: >= 0.3.1, < 0.5.8
- Go/github.com/gogits/gogs: from 0, < 0.5.8
- Go/gogs.io/gogs: >= 0.3.1, < 0.5.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L |
References (13)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2014-8681
- PATCH: https://github.com/gogits/gogs
- WEB: http://packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.html
- WEB: http://seclists.org/fulldisclosure/2014/Nov/31
- WEB: https://exchange.xforce.ibmcloud.com/vulnerabilities/98695
- WEB: https://github.com/gogits/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8
- WEB: https://github.com/gogits/gogs/releases/tag/v0.5.8
- WEB: https://github.com/gogs/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8
- WEB: https://pkg.go.dev/vuln/GO-2020-0021
- WEB: https://seclists.org/fulldisclosure/2014/Nov/31
- WEB: https://web.archive.org/web/20150711111508/http://gogs.io/docs/intro/change_log.html#v0.5.8-%40-2014-11-19
- WEB: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8681
- WEB: https://www.exploit-db.com/exploits/35237