CVE-2022-31038

by Fred · 08/06/2022

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users’ display names for malicious characters.

Date published : 2022-06-08

https://github.com/gogs/gogs/security/advisories/GHSA-xq4v-vrp9-vcf2

https://github.com/gogs/gogs/commit/155cae1de8916fc3fde78f350763034b7422caee

CVE-2022-31038

Similar

Recent Posts

Categories

CVE-2022-31038

Share this:

Similar

Recent Posts

Categories

Tags