Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yNmgtY2hxcC1wOWcy

Moderate EPSS: 0.0651% (0.90721 Percentile) EPSS:
Permalink JSON

SQL Injection in gogs.io/gogs

Affected Packages Affected Versions Fixed Versions
go:github.com/gogits/gogs
PURL: pkg:go/github.com%2Fgogits%2Fgogs
>= 0.3.1, < 0.5.8 0.5.8
8 Dependent packages
1 Dependent repositories

Affected Version Ranges

All affected versions

0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.2, 0.5.5

All unaffected versions

0.2.0, 0.3.0, 0.5.8, 0.5.9, 0.5.11, 0.5.13, 0.6.0, 0.6.1, 0.6.3, 0.6.5, 0.6.9, 0.6.15, 0.7.0, 0.7.6, 0.7.19, 0.7.22, 0.7.33, 0.8.0, 0.8.10, 0.8.25, 0.8.43, 0.9.0, 0.9.13, 0.9.46, 0.9.48, 0.9.60, 0.9.71, 0.9.97, 0.9.113, 0.9.128, 0.9.141, 0.10.1, 0.10.8, 0.10.18, 0.11.4, 0.11.19, 0.11.29, 0.11.33, 0.11.34, 0.11.43, 0.11.53, 0.11.66, 0.11.79, 0.11.86, 0.11.91, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5, 0.12.6, 0.12.7, 0.12.8, 0.12.9, 0.12.10, 0.12.11, 0.13.0, 0.13.1, 0.13.2, 0.13.3
go:gogs.io/gogs
PURL: pkg:go/gogs.io%2Fgogs
>= 0.3.1, < 0.5.8 0.5.8
2 Dependent packages
1 Dependent repositories

Affected Version Ranges

All affected versions

0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.2, 0.5.5

All unaffected versions

0.2.0, 0.3.0, 0.5.8, 0.5.9, 0.5.11, 0.5.13, 0.6.0, 0.6.1, 0.6.3, 0.6.5, 0.6.9, 0.6.15, 0.7.0, 0.7.6, 0.7.19, 0.7.22, 0.7.33, 0.8.0, 0.8.10, 0.8.25, 0.8.43, 0.9.0, 0.9.13, 0.9.46, 0.9.48, 0.9.60, 0.9.71, 0.9.97, 0.9.113, 0.9.128, 0.9.141, 0.10.1, 0.10.8, 0.10.18, 0.11.4, 0.11.19, 0.11.29, 0.11.33, 0.11.34, 0.11.43, 0.11.53, 0.11.66, 0.11.79, 0.11.86, 0.11.91, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5, 0.12.6, 0.12.7, 0.12.8, 0.12.9, 0.12.10, 0.12.11, 0.13.0

SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.

References:

Identifiers

GHSA-mr6h-chqp-p9g2

CVE-2014-8681

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.0651

EPSS Percentile: 0.90721

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/gogits/gogs

Date and time

Published

about 4 years ago

Updated

about 2 years ago

API

JSON