gogs/gogs

2 Versions 10 CVEs

Recent CVEs

CVE-2022-1884

A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution.

CRITICAL Nov 15, 2024

CVE-2022-2024

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.

CRITICAL Feb 25, 2023

CVE-2022-1986

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.

CRITICAL Jun 09, 2022

CVE-2022-1993

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

HIGH Jun 08, 2022

CVE-2022-1992

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

CRITICAL Jun 08, 2022

CVE-2022-1285

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.

HIGH Jun 01, 2022

CVE-2022-1464

Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when they open the attachment the XSS is executed. This bug allows execution of any JavaScript code in the victim's account.

HIGH May 05, 2022

CVE-2022-0415

Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.

CRITICAL Mar 21, 2022

CVE-2022-0870

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.

MEDIUM Mar 11, 2022

CVE-2022-0871

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.

HIGH Mar 11, 2022