CVE-2022-31038

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31038

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31038.json

Aliases

GHSA-xq4v-vrp9-vcf2

Published

2022-06-09T17:15:09Z

Modified

2023-11-29T09:41:15.080532Z

Details

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.

References

Affected packages

Git / github.com/gogs/gogs

Affected ranges

Type: GIT
Repo: https://github.com/gogs/gogs
Events: Introduced

0The exact introduced commit is unknown

Fixed

155cae1de8916fc3fde78f350763034b7422caee

Affected versions

v0.*

v0.10

v0.10.1

v0.10.18

v0.10.8

v0.10rc

v0.11

v0.11.19

v0.11.29

v0.11.33

v0.11.34

v0.11.4

v0.11.43

v0.11.53

v0.11.66

v0.11.79

v0.11.86

v0.11.91

v0.11rc

v0.2.0

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.5.0

v0.5.11

v0.5.13

v0.5.2

v0.5.5

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.6.15

v0.6.3

v0.6.5

v0.6.9

v0.7.0

v0.7.19

v0.7.22

v0.7.33

v0.7.6

v0.8.0

v0.8.10

v0.8.25

v0.8.43

v0.9.0

v0.9.113

v0.9.128

v0.9.13

v0.9.141

v0.9.46

v0.9.48

v0.9.60

v0.9.71

v0.9.97