High severityNVD Advisory· Published Dec 20, 2018· Updated Aug 5, 2024
CVE-2018-20303
CVE-2018-20303
Description
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogs.io/gogsGo | < 0.11.80-0.20181218063808-ff93d9dbda5c | 0.11.80-0.20181218063808-ff93d9dbda5c |
Affected products
1Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-9hxg-w7qf-hh93ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-20303ghsaADVISORY
- github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ceghsax_refsource_MISCWEB
- github.com/gogs/gogs/issues/5558ghsax_refsource_MISCWEB
- pentesterlab.com/exercises/cve-2018-18925ghsaWEB
- pentesterlab.com/exercises/cve-2018-18925/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.