Go · Gogs · CVE-2014-8681
**Name of the Vulnerable Software and Affected Versions**
Gogs (aka Go Git Service) versions 0.3.1-9 through 0.5.6.x
**Description**
The issue is a SQL injection vulnerability: it allows remote attackers to execute arbitrary SQL commands via the `label` parameter to `user/repos/issues`. The root cause is improper sanitization of user input, which leaves certain methods vulnerable to SQL injection when they are called with unsanitized user input.
**Recommendations**
For Gogs (aka Go Git Service) versions 0.3.1-9 through 0.5.6.x, update to version 0.5.6.1025 Beta or later to resolve the issue. As a temporary workaround, consider sanitizing user input before passing it to vulnerable methods, such as the `GetIssues` function in `models/issue.go`. Restrict access to the `label` parameter in the `user/repos/issues` endpoint to minimize the risk of exploitation.
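The following Go program is an added illustration of the pattern this advisory describes; it is not code from Gogs. It builds the issue query two ways: with the raw `label` parameter interpolated into the SQL text (the injectable pattern), and with the parameter validated as a list of numeric label IDs and bound as placeholders so it never becomes part of the statement. The table and column names, the delimited `label_ids` storage format, and the function names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed illustration, not Gogs's own code. The "issue" table, the
// "label_ids" column and its "$id|" delimited storage format are assumed
// for the example.

// buildIssuesQueryUnsafe interpolates the raw label parameter into the SQL
// text. Whatever the client sends becomes part of the statement, which is
// the vulnerable pattern the advisory describes.
func buildIssuesQueryUnsafe(repoID int64, label string) string {
	return fmt.Sprintf(
		"SELECT id, name FROM issue WHERE repo_id = %d AND label_ids LIKE '%%$%s|%%'",
		repoID, label)
}

// parseLabelIDs accepts only a comma-separated list of positive integers,
// the only shape a legitimate label filter has. Anything else is rejected
// before it reaches the database layer.
func parseLabelIDs(label string) ([]int64, error) {
	if strings.TrimSpace(label) == "" {
		return nil, nil
	}
	var ids []int64
	for _, part := range strings.Split(label, ",") {
		id, err := strconv.ParseInt(strings.TrimSpace(part), 10, 64)
		if err != nil || id <= 0 {
			return nil, fmt.Errorf("invalid label id %q", part)
		}
		ids = append(ids, id)
	}
	return ids, nil
}

// buildIssuesQuerySafe returns SQL containing only placeholders plus the
// argument list to bind with database/sql; the label values are data, never
// statement text, so they cannot change the query's structure.
func buildIssuesQuerySafe(repoID int64, label string) (string, []interface{}, error) {
	ids, err := parseLabelIDs(label)
	if err != nil {
		return "", nil, err
	}
	query := "SELECT id, name FROM issue WHERE repo_id = ?"
	args := []interface{}{repoID}
	for _, id := range ids {
		query += " AND label_ids LIKE ?"
		args = append(args, fmt.Sprintf("%%$%d|%%", id))
	}
	return query, args, nil
}

func main() {
	// Constructed inputs: a well-formed filter and a malformed one.
	for _, label := range []string{"3,7", "3' OR '1'='1"} {
		fmt.Println("unsafe:", buildIssuesQueryUnsafe(42, label))
		q, args, err := buildIssuesQuerySafe(42, label)
		if err != nil {
			fmt.Println("safe:   rejected:", err)
			continue
		}
		fmt.Println("safe:  ", q, args)
	}
}
```

Running it shows the unsafe builder emitting the malformed filter verbatim inside the statement, while the safe builder either produces a placeholder-only query with bound arguments or rejects the input outright. The validation step is the "sanitize before passing to `GetIssues`" workaround the advisory recommends; the placeholders are the durable fix.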