GHSA-4j89-2c4f-44c6LowCVSS 3.5

Gogs has DoS in rendering issue index pattern

Published
June 22, 2026
Last Modified
June 22, 2026

🔗 CVE IDs covered (1)

📋 Description

Summary

Special template of issue index pattern may cause panic.

Details

in internal/markup/markup.go

link = fmt.Sprintf(`<a href="%s">%s</a>`, com.Expand(metas["format"], metas), m)

Issue index pattern is rendered to link with com.Expand.

However, com.Expand is not safe.

i = strings.Index(template, "}")
if s, ok := match[template[:i]]; ok {

when { is found but } not found, i comes to 1, template[:-1] will be called, and then panicked

image

finally, all pages than contains issue index are unavailable.

PoC

  1. set issue index pattern as follow

image

  1. add a commit which point to an issue in its msg

image

using #1 above

Impact

DoS that cause part of pages of the specify repo unavailable.

🎯 Affected products1

  • go/gogs.io/gogs:<= 0.14.2

🔗 References (5)