CVE-2018-20303

Published: Dec 20, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce

x_refsource_MISC

https://pentesterlab.com/exercises/cve-2018-18925/

x_refsource_MISC

https://github.com/gogs/gogs/issues/5558

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-20303

Description

Affected Products

References