CVE-2022-32174
CRITICAL9.0EPSS 2.8%Gogs vulnerable to Cross-site Scripting in gogs.io/gogs
發布日:2022/10/11修改日:2026/3/3
描述
Gogs vulnerable to Cross-site Scripting in gogs.io/gogs
受影響套件(2)
- Go/gogs.io/gogs>= 0.6.5, <= 0.12.10
- Go/gogs.io/gogs>= 0.6.5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
參考連結(6)
- ADVISORYhttps://github.com/advisories/GHSA-mcjj-2fvq-mc3r
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-32174
- PATCHhttps://github.com/gogs/gogs
- WEBhttps://github.com/gogs/gogs/blob/v0.12.10/public/js/gogs.js#L263
- WEBhttps://pkg.go.dev/vuln/GO-2022-1060
- WEBhttps://www.mend.io/vulnerability-database/CVE-2022-32174