FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
647ac600-cc70-11ec-9cfc-10c37b4ac2eagogs -- XSS in issue attachments

The gogs project reports:

Repository issues page allows HTML attachments with arbitrary JS code.


Discovery 2022-04-12
Entry 2022-05-05
gogs
< 0.12.7

CVE-2022-1464
https://github.com/gogs/gogs/issues/6919
https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d/
e53a908d-a645-11e8-8acd-10c37b4ac2eagogs -- open redirect vulnerability

bluecatli (Tencent's Xuanwu Lab) reports:

The function isValidRedirect in gogs/routes/user/auth.go is used in login action to validate if url is on the same site.

If the Location header startswith /\, it will be transformed to // by browsers.


Discovery 2018-08-06
Entry 2018-08-22
gogs
< 0.11.53_1

https://github.com/gogs/gogs/issues/5364
https://github.com/gogs/gogs/pull/5365
https://github.com/gogs/gogs/commit/1f247cf8139cb483276cd8dd06385a800ce9d4b2