【低危】Gogs has DoS in rendering issue index pattern

安全速报 · 严重级:低危 · CVSS:3.5 · CVE-2026-52796 · GHSA-4j89-2c4f-44c6

漏洞概要

Summary

Special template of issue index pattern may cause panic.

Details

in internal/markup/markup.go

link = fmt.Sprintf(`<a href="%s">%s</a>`, com.Expand(metas["format"], metas), m)

Issue index pattern is rendered to link with com.Expand.

However, com.Expand is not safe.

i = strings.Index(template, "}")
if s, ok := match[template[:i]]; ok {

when { is found but } not found, i comes to 1, template[:-1] will be called, and then panicked

finally, all pages than contains issue index are unavailable.

PoC

1. set issue index pattern as follow

1. add a commit which point to an issue in its msg

using #1 above

Impact

DoS that cause part of pages of the specify repo unavailable.

受影响组件

修复建议

升级 gogs.io/gogs 至 0.14.3 或更高版本。

参考链接

• GitHub Advisory GHSA-4j89-2c4f-44c6
• https://github.com/gogs/gogs/security/advisories/GHSA-4j89-2c4f-44c6
• https://github.com/gogs/gogs/pull/8312
• https://github.com/gogs/gogs/commit/0529d95fc39f2b6d2997b19a2a12e24522684722
• https://github.com/gogs/gogs/releases/tag/v0.14.3

本文基于 GitHub Advisory Database(CC-BY-4.0 授权)整理,数据来源已注明。