Unrated severityOSV Advisory· Published Nov 4, 2018· Updated Aug 5, 2024
CVE-2018-18925
CVE-2018-18925
Description
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/gogs/gogs/issues/5469mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.