id: GO-2020-0021
modules:
- module: github.com/gogits/gogs
  versions:
  - fixed: 0.5.8
  vulnerable_at: 0.5.5
  packages:
  - package: github.com/gogits/gogs
    symbols:
    - GetIssues
    - SearchRepositoryByName
    - SearchUserByName
    skip_fix: 'TODO: Revisit this reason (Some dependencies no longer exist)'
summary: SQL Injection in github.com/gogits/gogs
description: |-
  Due to improper sanitization of user input, a number of methods are vulnerable
  to SQL injection if used with user input that has not been sanitized by the
  caller.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2014-8681
ghsas:
- GHSA-mr6h-chqp-p9g2
credits:
- Pascal Turbing
- Jiahua (Joe) Chen
references:
- fix: https://github.com/gogs/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8
- web: https://seclists.org/fulldisclosure/2014/Nov/31
review_status: REVIEWED