CVE-2018-20303

In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.

Published Feb 25, 2026

https://github.com/advisories/GHSA-9hxg-w7qf-hh93

CVSS ScoreHigh

7.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2018-20303

In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.

Published Feb 25, 2026

https://github.com/advisories/GHSA-9hxg-w7qf-hh93

CVSS ScoreHigh

7.5

No packages found

Try adjusting your search terms.

Ecosystem	Package	Version

No packages found

Try adjusting your search terms.

Find vulnerabilities. Fix fast with AI.

CVE-2018-20303

CVE-2018-20303

No packages found

No packages found