CVE-2018-15192 — Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea · VulnScope

CVE-2018-15192

Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

8.6

HIGH

CVSS 3.1

EPSS 0.28%

Description

Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

How to fix CVE-2018-15192

To remediate CVE-2018-15192, upgrade the affected package to a fixed version below.

Go/code.gitea.io/gitea—upgrade to 1.16.0-rc1 or later
Go/code.gitea.io/gitea—upgrade to 1.16.0-rc1 or later
—upgrade to 0.12.0 or later
—upgrade to 0.12.0 or later

Is CVE-2018-15192 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (4)

from 0, < 1.16.0-rc1
from 0, < 1.16.0-rc1
from 0, < 0.12.0
from 0, < 0.12.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

References (8)