| packages: |
| - module: github.com/gogits/gogs |
| symbols: |
| - GetIssues |
| - SearchRepositoryByName |
| - SearchUserByName |
| versions: |
| - fixed: v0.5.8 |
| description: | |
| Due to improper santization of user input, a number of methods are |
| vulnerable to SQL injection if used with user input that has not |
| been santized by the caller. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2014-8681 |
| ghsas: |
| - GHSA-mr6h-chqp-p9g2 |
| credit: Pascal Turbing and Jiahua (Joe) Chen |
| links: |
| commit: https://github.com/gogs/gogs/commit/83283bca4cb4e0f4ec48a28af680f0d88db3d2c8 |
| context: |
| - https://seclists.org/fulldisclosure/2014/Nov/31 |
