Gogs: >> Gogs >> 0.12.13 Security Vulnerabilities
Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-12-23
Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
CVSS Score
8.8
EPSS Score
0.007
Published
2024-12-23
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
CVSS Score
8.8
EPSS Score
0.097
Published
2024-11-15
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
CVSS Score
9.9
EPSS Score
0.02
Published
2024-07-04
Gogs through 0.13.0 allows deletion of internal files.
CVSS Score
9.9
EPSS Score
0.014
Published
2024-07-04
Gogs through 0.13.0 allows argument injection during the previewing of changes.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-07-04
Gogs through 0.13.0 allows argument injection during the tagging of a new release.
CVSS Score
7.7
EPSS Score
0.001
Published
2024-07-04