CVE-2018-17031

In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent.
References
Link Resource
https://github.com/gogs/gogs/issues/5397 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:gogs:gogs:0.11.53:*:*:*:*:*:*:*

Information

Published : 2018-09-14 02:29

Updated : 2018-11-07 07:06


NVD link : CVE-2018-17031

Mitre link : CVE-2018-17031

Products Affected
No products.
CWE