Vulnerabilities > CVE-2022-31038 - Unspecified vulnerability in Gogs

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

gogs

NVD

Published: 2022-06-09

Updated: 2024-11-21

Summary

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.

Vulnerable Configurations

Part	Description	Count
Application	Gogs Gogs Gogs 0.2.0 Gogs Gogs 0.3.0 Gogs Gogs 0.3.1 Gogs Gogs 0.4.0 Gogs Gogs 0.4.1 Gogs Gogs 0.4.2 Gogs Gogs 0.5.0 Gogs Gogs 0.5.2 Gogs Gogs 0.5.5 Gogs Gogs 0.5.8 Gogs Gogs 0.5.9 Gogs Gogs 0.5.11 Gogs Gogs 0.5.13 Gogs Gogs 0.6.0 Gogs Gogs 0.6.1 Gogs Gogs 0.6.3 Gogs Gogs 0.6.5 Gogs Gogs 0.6.9 Gogs Gogs 0.6.15 Gogs Gogs 0.7.0 Gogs Gogs 0.7.6 Gogs Gogs 0.7.19 Gogs Gogs 0.7.22 Gogs Gogs 0.7.33 Gogs Gogs 0.8.0 Gogs Gogs 0.8.10 Gogs Gogs 0.8.25 Gogs Gogs 0.8.43 Gogs Gogs 0.9.0 Gogs Gogs 0.9.13 Gogs Gogs 0.9.46 Gogs Gogs 0.9.48 Gogs Gogs 0.9.60 Gogs Gogs 0.9.71 Gogs Gogs 0.9.97 Gogs Gogs 0.9.113 Gogs Gogs 0.9.128 Gogs Gogs 0.9.141 Gogs Gogs 0.10 Gogs Gogs 0.10.1 Gogs Gogs 0.10.8 Gogs Gogs 0.10.18 Gogs Gogs 0.11 Gogs Gogs 0.11.4 Gogs Gogs 0.11.19 Gogs Gogs 0.11.29 Gogs Gogs 0.11.33 Gogs Gogs 0.11.34 Gogs Gogs 0.11.43 Gogs Gogs 0.11.53 Gogs Gogs 0.11.66 Gogs Gogs 0.11.79 Gogs Gogs 0.11.82.1218 Gogs Gogs 0.11.86 Gogs Gogs 0.11.91 Gogs Gogs 0.12 Gogs Gogs 0.12.2 Gogs Gogs 0.12.3 Gogs Gogs 0.12.4 Gogs Gogs 0.12.5 Gogs Gogs 0.12.6 Gogs Gogs 0.12.7 Gogs Gogs 0.12.8	68

Summary

Vulnerable Configurations

References