Medium severity6.1NVD Advisory· Published Aug 8, 2018· Updated Jun 17, 2026
CVE-2018-15178
CVE-2018-15178
Description
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogs.io/gogsGo | < 0.12.0 | 0.12.0 |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/gogs/gogs/issues/5364nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-cpgw-2wxr-pww3ghsaADVISORY
- github.com/gogs/gogs/pull/5365nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-15178ghsaADVISORY
- github.com/gogs/gogs/commit/1f247cf8139cb483276cd8dd06385a800ce9d4b2ghsaWEB
News mentions
0No linked articles in our index yet.