
Muxishuihan

#21110 of 53,632
11.8 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2022-8697
5.3
2022-12-15
Unknown · Easywebpack-Cli · CVE-2020-24855
**Name of the Vulnerable Software and Affected Versions** easywebpack-cli versions prior to 4.5.2

**Description** A Directory Traversal issue allows attackers to obtain sensitive information by sending a crafted GET request.

**Recommendations** For versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue.
PT-2020-14088
6.5
2020-06-21
Gogs · Gogs · CVE-2020-14958
**Name of the Vulnerable Software and Affected Versions** Gogs version 0.11.91

**Description** The issue is related to insecure permissions in Gogs, specifically in the `MakeEmailPrimary` function located in `models/user_mail.go`. This function lacks a check to ensure the user is the owner of the email, potentially leading to security issues.

**Recommendations** For Gogs version 0.11.91, consider modifying the `MakeEmailPrimary` function in `models/user_mail.go` to include a check that verifies the user is the owner of the email before allowing changes to email settings. As a temporary workaround, consider restricting access to the email modification functionality until a proper fix is implemented.