CNNVD-202506-3053 Information

CNNVD ID

CNNVD-202506-3053

Related CVE

CVE-2025-47943

• CNNVD Published: 2025-06-24

Description (Chinese)

Gogs（Go Git Service）是Gogs团队的一个基于Go语言的自助Git托管服务，它支持创建、迁移公开/私有仓库，添加、删除仓库协作者等。 Gogs 0.14.0+dev及之前版本存在安全漏洞，该漏洞源于pdfjs-1.4.20组件导致存储型跨站脚本攻击。

Description (English)

Gogs (Go Git Service), a Gogs team-based self-help Git hosting service based on Go language, supports the creation, relocation, addition, removal of warehouse collaborators, etc. The Gogs 0.14.0+dev and previous versions had a security loophole, which originated from the pdfjs-1.4.20 component and resulted in a storage-type cross-station script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Gogs

Published

2025-06-24

Last Modified

2026-02-24

References

https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v https://github.com/gogs/gogs/commit/110117b2e5e5baa4809c819bec701e929d2d8d40 https://github.com/gogs/gogs/releases/tag/v0.13.3 https://access.redhat.com/security/cve/cve-2025-47943