CVE-2018-20303

HIGH7.5EPSS 2.5%

Gogs Directory Traversal

發布日:2022/5/14修改日:2026/5/14

描述

In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.

受影響套件(1)

Go/gogs.io/gogsfrom 0, < 0.11.80-0.20181218063808-ff93d9dbda5c

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-20303
PATCHhttps://github.com/gogs/gogs
WEBhttps://github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce
WEBhttps://github.com/gogs/gogs/issues/5558
WEBhttps://pentesterlab.com/exercises/cve-2018-18925