CVE-2018-16409

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-16409

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16409.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-16409

Published

2018-09-03T19:29:01.243Z

Modified

2026-04-10T04:06:45.324786Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.

References

https://github.com/gogs/gogs/issues/5372

Affected packages

Git / github.com/gogs/gogs

Affected ranges

Type

GIT

Repo

https://github.com/gogs/gogs

Events

Introduced

Last affected

91441c3fb29d8ead645d8fffa4658d749d5b3fc3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.11.53"
        }
    ]
}

Affected versions

v0.*

v0.10

v0.10.18

v0.10.8

v0.10rc

v0.11

v0.11.19

v0.11.29

v0.11.33

v0.11.34

v0.11.4

v0.11.43

v0.11.53

v0.11rc

v0.2.0

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.5.0

v0.5.11

v0.5.13

v0.5.2

v0.5.5

v0.5.8

v0.5.9

v0.6.1

v0.6.15

v0.6.3

v0.6.9

v0.7.0

v0.7.19

v0.7.22

v0.7.33

v0.7.6

v0.8.0

v0.8.10

v0.8.25

v0.8.43

v0.9.0

v0.9.113

v0.9.128

v0.9.13

v0.9.141

v0.9.46

v0.9.48

v0.9.60

v0.9.71

v0.9.97

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16409.json"