Moderate severityNVD Advisory· Published Nov 21, 2014· Updated May 6, 2026
CVE-2014-8681
CVE-2014-8681
Description
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogs.io/gogsGo | >= 0.3.1, < 0.5.8 | 0.5.8 |
github.com/gogits/gogsGo | >= 0.3.1, < 0.5.8 | 0.5.8 |
Affected products
6cpe:2.3:a:gogits:gogs:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:gogits:gogs:*:*:*:*:*:*:*:*range: <=0.5.5
- cpe:2.3:a:gogits:gogs:0.3.1-9:*:*:*:*:*:*:*
- cpe:2.3:a:gogits:gogs:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gogits:gogs:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gogits:gogs:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gogits:gogs:0.5.2:*:*:*:*:*:*:*
Patches
26 files changed · +40 −16
gogs.go+1 −1 modified@@ -17,7 +17,7 @@ import ( "github.com/gogits/gogs/modules/setting" ) -const APP_VER = "0.5.6.1024 Beta" +const APP_VER = "0.5.6.1025 Beta" func init() { runtime.GOMAXPROCS(runtime.NumCPU())
models/issue.go+4 −1 modified@@ -211,7 +211,10 @@ func GetIssues(uid, rid, pid, mid int64, page int, isClosed bool, labelIds, sort if len(labelIds) > 0 { for _, label := range strings.Split(labelIds, ",") { - sess.And("label_ids like '%$" + label + "|%'") + // Prevent SQL inject. + if com.StrTo(label).MustInt() > 0 { + sess.And("label_ids like '%$" + label + "|%'") + } } }
models/repo.go+13 −6 modified@@ -1131,17 +1131,21 @@ type SearchOption struct { Keyword string Uid int64 Limit int + Private bool +} + +// FilterSQLInject tries to prevent SQL injection. +func FilterSQLInject(key string) string { + key = strings.TrimSpace(key) + key = strings.Split(key, " ")[0] + key = strings.Replace(key, ",", "", -1) + return key } // SearchRepositoryByName returns given number of repositories whose name contains keyword. func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { // Prevent SQL inject. - opt.Keyword = strings.TrimSpace(opt.Keyword) - if len(opt.Keyword) == 0 { - return repos, nil - } - - opt.Keyword = strings.Split(opt.Keyword, " ")[0] + opt.Keyword = FilterSQLInject(opt.Keyword) if len(opt.Keyword) == 0 { return repos, nil } @@ -1154,6 +1158,9 @@ func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { if opt.Uid > 0 { sess.Where("owner_id=?", opt.Uid) } + if !opt.Private { + sess.And("is_private=false") + } sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos) return repos, err }
models/user.go+1 −7 modified@@ -574,13 +574,7 @@ func GetUserByEmail(email string) (*User, error) { // SearchUserByName returns given number of users whose name contains keyword. func SearchUserByName(opt SearchOption) (us []*User, err error) { - // Prevent SQL inject. - opt.Keyword = strings.TrimSpace(opt.Keyword) - if len(opt.Keyword) == 0 { - return us, nil - } - - opt.Keyword = strings.Split(opt.Keyword, " ")[0] + opt.Keyword = FilterSQLInject(opt.Keyword) if len(opt.Keyword) == 0 { return us, nil }
routers/api/v1/repos.go+20 −0 modified@@ -31,6 +31,26 @@ func SearchRepos(ctx *middleware.Context) { opt.Limit = 10 } + // Check visibility. + if ctx.IsSigned && opt.Uid > 0 { + if ctx.User.Id == opt.Uid { + opt.Private = true + } else { + u, err := models.GetUserById(opt.Uid) + if err != nil { + ctx.JSON(500, map[string]interface{}{ + "ok": false, + "error": err.Error(), + }) + return + } + if u.IsOrganization() && u.IsOrgOwner(ctx.User.Id) { + opt.Private = true + } + // FIXME: how about collaborators? + } + } + repos, err := models.SearchRepositoryByName(opt) if err != nil { ctx.JSON(500, map[string]interface{}{
templates/.VERSION+1 −1 modified@@ -1 +1 @@ -0.5.6.1024 Beta \ No newline at end of file +0.5.6.1025 Beta \ No newline at end of file
6 files changed · +40 −16
gogs.go+1 −1 modified@@ -17,7 +17,7 @@ import ( "github.com/gogits/gogs/modules/setting" ) -const APP_VER = "0.5.6.1024 Beta" +const APP_VER = "0.5.6.1025 Beta" func init() { runtime.GOMAXPROCS(runtime.NumCPU())
models/issue.go+4 −1 modified@@ -211,7 +211,10 @@ func GetIssues(uid, rid, pid, mid int64, page int, isClosed bool, labelIds, sort if len(labelIds) > 0 { for _, label := range strings.Split(labelIds, ",") { - sess.And("label_ids like '%$" + label + "|%'") + // Prevent SQL inject. + if com.StrTo(label).MustInt() > 0 { + sess.And("label_ids like '%$" + label + "|%'") + } } }
models/repo.go+13 −6 modified@@ -1131,17 +1131,21 @@ type SearchOption struct { Keyword string Uid int64 Limit int + Private bool +} + +// FilterSQLInject tries to prevent SQL injection. +func FilterSQLInject(key string) string { + key = strings.TrimSpace(key) + key = strings.Split(key, " ")[0] + key = strings.Replace(key, ",", "", -1) + return key } // SearchRepositoryByName returns given number of repositories whose name contains keyword. func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { // Prevent SQL inject. - opt.Keyword = strings.TrimSpace(opt.Keyword) - if len(opt.Keyword) == 0 { - return repos, nil - } - - opt.Keyword = strings.Split(opt.Keyword, " ")[0] + opt.Keyword = FilterSQLInject(opt.Keyword) if len(opt.Keyword) == 0 { return repos, nil } @@ -1154,6 +1158,9 @@ func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) { if opt.Uid > 0 { sess.Where("owner_id=?", opt.Uid) } + if !opt.Private { + sess.And("is_private=false") + } sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos) return repos, err }
models/user.go+1 −7 modified@@ -574,13 +574,7 @@ func GetUserByEmail(email string) (*User, error) { // SearchUserByName returns given number of users whose name contains keyword. func SearchUserByName(opt SearchOption) (us []*User, err error) { - // Prevent SQL inject. - opt.Keyword = strings.TrimSpace(opt.Keyword) - if len(opt.Keyword) == 0 { - return us, nil - } - - opt.Keyword = strings.Split(opt.Keyword, " ")[0] + opt.Keyword = FilterSQLInject(opt.Keyword) if len(opt.Keyword) == 0 { return us, nil }
routers/api/v1/repos.go+20 −0 modified@@ -31,6 +31,26 @@ func SearchRepos(ctx *middleware.Context) { opt.Limit = 10 } + // Check visibility. + if ctx.IsSigned && opt.Uid > 0 { + if ctx.User.Id == opt.Uid { + opt.Private = true + } else { + u, err := models.GetUserById(opt.Uid) + if err != nil { + ctx.JSON(500, map[string]interface{}{ + "ok": false, + "error": err.Error(), + }) + return + } + if u.IsOrganization() && u.IsOrgOwner(ctx.User.Id) { + opt.Private = true + } + // FIXME: how about collaborators? + } + } + repos, err := models.SearchRepositoryByName(opt) if err != nil { ctx.JSON(500, map[string]interface{}{
templates/.VERSION+1 −1 modified@@ -1 +1 @@ -0.5.6.1024 Beta \ No newline at end of file +0.5.6.1025 Beta \ No newline at end of file
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
15- packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.htmlnvdExploitWEB
- seclists.org/fulldisclosure/2014/Nov/31nvdExploitWEB
- www.exploit-db.com/exploits/35237nvdExploit
- github.com/gogits/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8nvdExploitWEB
- github.com/advisories/GHSA-mr6h-chqp-p9g2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-8681ghsaADVISORY
- exchange.xforce.ibmcloud.com/vulnerabilities/98695nvdWEB
- github.com/gogits/gogs/releases/tag/v0.5.8ghsaWEB
- github.com/gogs/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8ghsaWEB
- pkg.go.dev/vuln/GO-2020-0021ghsaWEB
- seclists.org/fulldisclosure/2014/Nov/31ghsaWEB
- web.archive.org/web/20150711111508/http://gogs.io/docs/intro/change_log.htmlghsaWEB
- web.nvd.nist.gov/view/vuln/detailghsaWEB
- www.exploit-db.com/exploits/35237ghsaWEB
- gogs.io/docs/intro/change_log.htmlnvd
News mentions
0No linked articles in our index yet.