
GHSA-6vcc-v9vw-g2x5

GitHub Security Advisory

Path Traversal in Git HTTP endpoints in Gogs

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

### Impact

A malicious user can craft HTTP requests to access unauthorized Git directories. All installations with are affected.

### Patches

Path cleaning now covers the Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.
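The kind of path cleaning this fix refers to can be sketched as follows. This is an added example, not the Gogs patch or any code from the project; `resolveRepoPath`, `ErrBadSegment`, the `/data/repos` root and the sample request parts are all hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

// ErrBadSegment marks an owner or repository name that is not a single path segment.
var ErrBadSegment = errors.New("invalid owner or repository segment")

// resolveRepoPath maps the owner, repo and file parts of a Git HTTP request
// onto a location under root. Hypothetical helper, not Gogs code.
func resolveRepoPath(root, owner, repo, file string) (string, error) {
	// Owner and repo must each be exactly one segment: no separators, no dot-only names.
	for _, seg := range []string{owner, repo} {
		if seg == "" || seg == "." || seg == ".." || strings.ContainsAny(seg, `/\`) {
			return "", ErrBadSegment
		}
	}
	repoDir := filepath.Join(root, owner, repo+".git")
	// Clean the file part as a rooted slash path: ".." can no longer climb
	// above "/", and backslashes are treated as separators first.
	cleaned := path.Clean("/" + strings.ReplaceAll(file, `\`, "/"))
	full := filepath.Join(repoDir, filepath.FromSlash(cleaned))
	// Second check: the result must still sit inside repoDir.
	rel, err := filepath.Rel(repoDir, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("path escapes repository directory")
	}
	return full, nil
}

func main() {
	// Constructed sample inputs.
	for _, f := range []string{"info/refs", "../../bob/private.git/HEAD"} {
		p, err := resolveRepoPath("/data/repos", "alice", "demo", f)
		fmt.Println(f, "->", p, err)
	}
	_, err := resolveRepoPath("/data/repos", "..", "demo", "HEAD")
	fmt.Println("owner \"..\" ->", err)
}
```

After cleaning, a file part containing `..` resolves to a location inside the requested repository's own directory, where it either matches a real Git file or fails as not found.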

### Workarounds

N/A

### References

https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d/

### For more information

If you have any questions or comments about this advisory, please post on #7002.

Affected Packages

Go gogs.io/gogs
Affected versions: 0 (fixed in 0.12.9)

Related CVEs

Key Information

GHSA ID
GHSA-6vcc-v9vw-g2x5
Published
June 8, 2022 10:34 PM
Last Modified
June 17, 2022 7:20 PM
CVSS Score
7.5 /10
Primary Ecosystem
Go
Primary Package
gogs.io/gogs
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.