Closed
Description
In GitHub Security Advisory GHSA-9hx4-qm7h-x84j, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| gogs.io/gogs | 0.5.8 | >= 0.3.1, < 0.5.8 |
See doc/triage.md for instructions on how to triage this report.
packages:
- package: gogs.io/gogs
versions:
- introduced: 0.3.1
fixed: 0.5.8
description: Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka
Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to
inject arbitrary web script or HTML via the text parameter to api/v1/markdown.
published: 2021-06-29T18:32:53Z
last_modified: 2021-06-29T18:32:53Z
cves:
- CVE-2014-8683
ghsas:
- GHSA-9hx4-qm7h-x84j
links:
context:
- https://github.com/advisories/GHSA-9hx4-qm7h-x84j