vulnerability
FreeBSD: VID-e53a908d-a645-11e8-8acd-10c37b4ac2ea: gogs -- open redirect vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:C/A:N) | Aug 22, 2018 | Aug 23, 2018 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:C/A:N)
Published
Aug 22, 2018
Added
Aug 23, 2018
Modified
Dec 10, 2025
Description
bluecatli (Tencent's Xuanwu Lab) reports: The function isValidRedirect in gogs/routes/user/auth.go is used in login action to validate if url is on the same site. If the Location header startswith /\, it will be transformed to // by browsers.
Solution
freebsd-upgrade-package-gogs
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.