Gogs 0.12.8 Security Vulnerabilities
Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-12-23
Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
CVSS Score: 8.8 | EPSS Score: 0.007 | Published: 2024-12-23
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
CVSS Score: 8.8 | EPSS Score: 0.097 | Published: 2024-11-15
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
CVSS Score: 9.9 | EPSS Score: 0.02 | Published: 2024-07-04
Gogs through 0.13.0 allows deletion of internal files.
CVSS Score: 9.9 | EPSS Score: 0.014 | Published: 2024-07-04
Gogs through 0.13.0 allows argument injection during the previewing of changes.
CVSS Score: 9.9 | EPSS Score: 0.002 | Published: 2024-07-04
Gogs through 0.13.0 allows argument injection during the tagging of a new release.
CVSS Score: 7.7 | EPSS Score: 0.001 | Published: 2024-07-04
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
CVSS Score: 9.8 | EPSS Score: 0.438 | Published: 2023-02-25
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
CVSS Score: 9.0 | EPSS Score: 0.1 | Published: 2022-10-11
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-06-09

