Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-hf6f-jq25-8gq9 #1391

Closed
GoVulnBot opened this issue Jan 9, 2023 · 1 comment
Closed

Comments

@GoVulnBot
Copy link

In GitHub Security Advisory GHSA-hf6f-jq25-8gq9, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
code.gitea.io/gitea 1.5.2 < 1.5.2

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - fixed: 1.5.2
    packages:
      - package: code.gitea.io/gitea
description: Gitea before 1.5.4 allows remote code execution because it does not properly
    validate session IDs. This is related to session ID handling in the go-macaron/session
    code for Macaron.
cves:
  - CVE-2018-18926
ghsas:
  - GHSA-hf6f-jq25-8gq9

@tatianab
Copy link
Contributor

tatianab commented Jan 9, 2023

Duplicate of #844

# for free to join this conversation on GitHub. Already have an account? # to comment
Projects
None yet
Development

No branches or pull requests

2 participants