Affected by GO-2026-4480 and 19 other vulnerabilities

GO-2026-4480: Vikunja Vulnerable to XSS Via Task Preview in code.vikunja.io/api

GO-2026-4551: Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change in code.vikunja.io/api

GO-2026-4552: Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module in code.vikunja.io/api

GO-2026-4553: Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure in code.vikunja.io/api

GO-2026-4556: Vikunja has Path Traversal in CLI Restore in code.vikunja.io/api

GO-2026-4575: Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse in code.vikunja.io/api

GO-2026-4791: Vikunja has a Rate-Limit Bypass for Unauthenticated Users via Spoofed Headers in code.vikunja.io/api

GO-2026-4794: Vikunja has a 2FA Bypass via Caldav Basic Auth in code.vikunja.io/api

GO-2026-4797: Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments in code.vikunja.io/api

GO-2026-4798: Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement in code.vikunja.io/api

GO-2026-4805: Vikunja has TOTP Reuse During Validity Window in code.vikunja.io/api

GO-2026-4811: Vikunja Affected by DoS via Image Preview Generation in code.vikunja.io/api

GO-2026-4846: Vikjuna: Webhook BasicAuth Credentials Exposed to Read-Only Project Collaborators via API in code.vikunja.io/api

GO-2026-4847: Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read in code.vikunja.io/api

GO-2026-4848: Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation in code.vikunja.io/api

GO-2026-4850: Vikunja has a Link Share Delete IDOR — Missing Project Ownership Check Allows Cross-Project Link Share Deletion in code.vikunja.io/api

GO-2026-4851: Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources in code.vikunja.io/api

GO-2026-4852: Vikjuna Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download in code.vikunja.io/api

GO-2026-4853: Vikjuna: IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion in code.vikunja.io/api

GO-2026-4855: Vikunja: Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR in code.vikunja.io/api

migration

package

v0.14.1 Latest Latest Go to latest Published: Jul 7, 2020 License: GPL-3.0 Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

git.kolaente.de/vikunja/api

Links

Open Source Insights

Documentation ¶

Index ¶

func GetTables() []interface{}
func InitDB() (err error)
func InsertFromStructure(str []*models.NamespaceWithLists, user *user.User) (err error)
func SetMigrationStatus(m Migrator, u *user.User) (err error)
type Migrator
type Status
- func GetMigrationStatus(m Migrator, u *user.User) (status *Status, err error)
- func (s *Status) TableName() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetTables ¶

func GetTables() []interface{}

GetTables returns all structs which are also a table.

func InitDB ¶

func InitDB() (err error)

InitDB sets up the database connection to use in this module

func InsertFromStructure ¶

func InsertFromStructure(str []*models.NamespaceWithLists, user *user.User) (err error)

InsertFromStructure takes a fully nested Vikunja data structure and a user and then creates everything for this user (Namespaces, tasks, etc. Even attachments and relations.)

func SetMigrationStatus ¶

func SetMigrationStatus(m Migrator, u *user.User) (err error)

SetMigrationStatus sets the migration status for a user

Types ¶

type Migrator ¶

type Migrator interface {
	// Migrate is the interface used to migrate a user's tasks from another platform to vikunja.
	// The user object is the user who's tasks will be migrated.
	Migrate(user *user.User) error
	// AuthURL returns a url for clients to authenticate against.
	// The use case for this are Oauth flows, where the server token should remain hidden and not
	// known to the frontend.
	AuthURL() string
	// Title holds the name of the migration.
	// This is used to show the name to users and to keep track of users who already migrated.
	Name() string
}

Migrator is the basic migrator interface which is shared among all migrators

type Status ¶

type Status struct {
	ID           int64     `xorm:"int(11) autoincr not null unique pk" json:"id"`
	UserID       int64     `xorm:"int(11) not null" json:"-"`
	MigratorName string    `xorm:"varchar(255)" json:"migrator_name"`
	Created      time.Time `xorm:"created not null 'created'" json:"time"`
}

Status represents this migration status

func GetMigrationStatus ¶

func GetMigrationStatus(m Migrator, u *user.User) (status *Status, err error)

GetMigrationStatus returns the migration status for a migration and a user

func (*Status) TableName ¶

func (s *Status) TableName() string

TableName holds the table name for the migration status table

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
handler
todoist
wunderlist

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL