Known Vulnerabilities
CVE-2024-44625
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
HIGH
CVSS 8.8
Published Nov 15, 2024
CVE-2024-39932
Gogs through 0.13.0 allows argument injection during the previewing of changes.
CRITICAL
CVSS 9.9
Published Jul 04, 2024
CVE-2024-39930
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
CRITICAL
CVSS 9.9
Published Jul 04, 2024
CVE-2024-39933
Gogs through 0.13.0 allows argument injection during the tagging of a new release.
HIGH
CVSS 7.7
Published Jul 04, 2024
CVE-2024-39931
Gogs through 0.13.0 allows deletion of internal files.
CRITICAL
CVSS 9.9
Published Jul 04, 2024