Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
CVSS Score
8.8
EPSS Score
0.709
Published
2024-11-15
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
CVSS Score
9.9
EPSS Score
0.119
Published
2024-07-04
Gogs through 0.13.0 allows deletion of internal files.
CVSS Score
9.9
EPSS Score
0.072
Published
2024-07-04
Gogs through 0.13.0 allows argument injection during the previewing of changes.
CVSS Score
9.9
EPSS Score
0.028
Published
2024-07-04
Gogs through 0.13.0 allows argument injection during the tagging of a new release.
CVSS Score
7.7
EPSS Score
0.003
Published
2024-07-04
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
CVSS Score
9.8
EPSS Score
0.349
Published
2023-02-25
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
CVSS Score
9.0
EPSS Score
0.027
Published
2022-10-11
Page 3