Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gogs allows unauthenticated file uploads
Vulnerability Description
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the server via /releases/attachments and /issues/attachments. This enables the instance to be abused as a public file host, potentially leading to disk exhaustion, content hosting, or delivery of malware. CSRF tokens do not mitigate this attack due to same-origin cookie issuance. This issue has been fixed in version 0.14.1.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
Gogs 安全漏洞
Vulnerability Description
Gogs(Go Git Service)是Gogs团队的一个基于Go语言的自助Git托管服务,它支持创建、迁移公开/私有仓库,添加、删除仓库协作者等。 Gogs 0.13.4及之前版本存在安全漏洞,该漏洞源于默认暴露未经验证的文件上传端点,可能导致磁盘耗尽或恶意软件分发。
CVSS Information
N/A
Vulnerability Type
N/A