Disclosure Date 2021/08/31
CVE-2021-32408
Server-Side Request Forgery (SSRF) in Gogs
SSRF (Server-Side Request Forgery) in Gogs
Credit
stypr (@stereotype32)
Affected-Versions
Gogs: v0.12.3 and earlier
CWE
- CWE-93
Description
Gogs 0.7.0 through 1.12.x before 1.12.3 has a Server-Side Request Forgery (SSRF) vulnerability: ParseRemoteAddr in internal/form/repo.go does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding).
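
A defensive check for the input shape described above, as an added example that is not Gogs's code or its fix. `checkRemoteAddr` and `hasControl` are hypothetical names, the hosts are constructed placeholders, and the scheme allowlist and the query/fragment checks are assumptions that go beyond the single git-path case in the description.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
	"unicode"
)

var errRejected = errors.New("remote address rejected")

// hasControl reports whether s contains CR, LF, NUL or any other control character.
func hasControl(s string) bool {
	return strings.IndexFunc(s, unicode.IsControl) >= 0
}

// checkRemoteAddr is a hypothetical validator, not Gogs's ParseRemoteAddr.
// It accepts only http, https and git URLs whose decoded parts are free of
// control characters, so "%0A"/"%0D" cannot pass through as line breaks.
func checkRemoteAddr(raw string) error {
	u, err := url.Parse(raw) // also fails on raw (unencoded) control characters
	if err != nil {
		return fmt.Errorf("%w: %v", errRejected, err)
	}
	if u.Scheme != "http" && u.Scheme != "https" && u.Scheme != "git" {
		return fmt.Errorf("%w: scheme %q", errRejected, u.Scheme)
	}
	query, err := url.QueryUnescape(u.RawQuery)
	if err != nil {
		return fmt.Errorf("%w: %v", errRejected, err)
	}
	// u.Path and u.Fragment are already percent-decoded by url.Parse.
	for _, part := range []string{u.Path, query, u.Fragment} {
		if hasControl(part) {
			return fmt.Errorf("%w: control character after decoding", errRejected)
		}
	}
	return nil
}

func main() {
	// Constructed sample inputs: a plain git URL and one with an encoded newline.
	for _, a := range []string{"git://example.invalid:9418/org/repo.git", "git://example.invalid:1234/repo%0Aextra"} {
		fmt.Printf("%s -> %v\n", a, checkRemoteAddr(a))
	}
}
```

The check runs on the decoded components, so it does not depend on the case of the hex digits in the escape (`%0a` and `%0A` are treated the same).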