E99p1ant

3 exploits Active since Jun 2022
CVE-2026-52801 WRITEUP HIGH WRITEUP
Gogs: Ability to import local repositories via Mirror Settings
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. This vulnerability is fixed in 0.14.3.
CVSS 8.1
CVE-2026-52804 WRITEUP MEDIUM WRITEUP
Gogs: Privilege Escalation via Collaboration Access Mode Validation
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. This vulnerability is fixed in 0.14.3.
CVE-2022-31038 WRITEUP MEDIUM WRITEUP
Gogs < 0.12.9 - Stored Cross-Site Scripting via Unsanitized DisplayName
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.
CVSS 5.4