Critical severityNVD Advisory· Published Nov 4, 2018· Updated Aug 5, 2024
CVE-2018-18926
CVE-2018-18926
Description
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
code.gitea.io/giteaGo | < 1.5.2 | 1.5.2 |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-hf6f-jq25-8gq9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-18926ghsaADVISORY
- github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162ghsaWEB
- github.com/go-gitea/gitea/issues/5140ghsax_refsource_MISCWEB
- github.com/go-gitea/gitea/pull/5177ghsaWEB
News mentions
0No linked articles in our index yet.