Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
References
Link | Resource |
---|---|
https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/ | Exploit Third Party Advisory |
https://gogs.io/ | Product |
History
19 Nov 2024, 21:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.8 |
CWE | CWE-22 | |
References | () https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/ - Exploit, Third Party Advisory | |
References | () https://gogs.io/ - Product | |
First Time | Gogs, Gogs gogs |
18 Nov 2024, 17:11
Type | Values Removed | Values Added |
---|---|---|
Summary | |
15 Nov 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-15 17:15
Updated : 2024-11-21 09:36
NVD link : CVE-2024-44625
Mitre link : CVE-2024-44625
CVE.ORG link : CVE-2024-44625
Products Affected
gogs
- gogs
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')