CVE-2024-44625

Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*

History

19 Nov 2024, 21:51

Type Values Removed Values Added
CPE cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-22
References () https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/ - () https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/ - Exploit, Third Party Advisory
References () https://gogs.io/ - () https://gogs.io/ - Product
First Time Gogs
Gogs gogs

18 Nov 2024, 17:11

Type Values Removed Values Added
Summary
  • (es) Gogs &lt;=0.13.0 es vulnerable a la navegación de Directory Traversal de la función editFilePost de internal/route/repo/editor.go.

15 Nov 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-15 17:15

Updated : 2024-11-21 09:36


NVD link : CVE-2024-44625

Mitre link : CVE-2024-44625

CVE.ORG link : CVE-2024-44625


JSON object : View

Products Affected

gogs

  • gogs
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')