Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/gogs/gogs: CVE-2024-39932 #2971

Closed
GoVulnBot opened this issue Jul 4, 2024 · 1 comment
Closed

x/vulndb: potential Go vuln in github.com/gogs/gogs: CVE-2024-39932 #2971

GoVulnBot opened this issue Jul 4, 2024 · 1 comment
Assignees
@tatianab
Labels
triaged

Comments

@GoVulnBot
Copy link

Advisory CVE-2024-39932 references a vulnerability in the following Go modules:

Module
github.com/gogs/gogs

Description:
Gogs through 0.13.0 allows argument injection during the previewing of changes.

References:

Cross references:

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/gogs/gogs
      vulnerable_at: 0.13.0
summary: CVE-2024-39932 in github.com/gogs/gogs
cves:
    - CVE-2024-39932
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39932
    - web: https://github.com/gogs/gogs/releases
    - web: https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/
source:
    id: CVE-2024-39932
    created: 2024-07-04T17:01:11.33930902Z
review_status: UNREVIEWED
@tatianab tatianab self-assigned this Jul 8, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/597158 mentions this issue: data/reports: add 7 unreviewed reports

This was referenced Dec 23, 2024
Closed
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@tatianab tatianab

Labels
triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tatianab @gopherbot @GoVulnBot