Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
50 vulnerabilities by gogs
CVE-2026-26276 (GCVE-0-2026-26276)
Vulnerability from cvelistv5 – Published: 2026-03-05 18:51 – Updated: 2026-03-07 04:55
VLAI?
Title
Gogs: DOM-based XSS via milestone selection
Summary
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page (/issues/new), a DOM-Based XSS is triggered. This issue has been patched in version 0.14.2.
Severity ?
7.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-07T04:55:33.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository\u2019s Milestone name, and when another user selects that Milestone on the New Issue page (/issues/new), a DOM-Based XSS is triggered. This issue has been patched in version 0.14.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T18:51:13.530Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-vgjm-2cpf-4g7c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-vgjm-2cpf-4g7c"
},
{
"name": "https://github.com/gogs/gogs/pull/8178",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/8178"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.14.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.14.2"
}
],
"source": {
"advisory": "GHSA-vgjm-2cpf-4g7c",
"discovery": "UNKNOWN"
},
"title": "Gogs: DOM-based XSS via milestone selection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26276",
"datePublished": "2026-03-05T18:51:13.530Z",
"dateReserved": "2026-02-12T17:10:53.413Z",
"dateUpdated": "2026-03-07T04:55:33.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26196 (GCVE-0-2026-26196)
Vulnerability from cvelistv5 – Published: 2026-03-05 18:49 – Updated: 2026-03-06 18:08
VLAI?
Title
Gogs: Access tokens get exposed through URL params in API requests
Summary
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, gogs api still accepts tokens in url params like token and access_token, which can leak through logs, browser history, and referrers. This issue has been patched in version 0.14.2.
Severity ?
CWE
- CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T18:07:57.384250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T18:08:07.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Prior to version 0.14.2, gogs api still accepts tokens in url params like token and access_token, which can leak through logs, browser history, and referrers. This issue has been patched in version 0.14.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "CWE-598: Use of GET Request Method With Sensitive Query Strings",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T18:49:19.540Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-x9p5-w45c-7ffc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-x9p5-w45c-7ffc"
},
{
"name": "https://github.com/gogs/gogs/pull/8177",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/8177"
},
{
"name": "https://github.com/gogs/gogs/commit/295bfba72993c372e7b338438947d8e1a6bed8fd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/295bfba72993c372e7b338438947d8e1a6bed8fd"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.14.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.14.2"
}
],
"source": {
"advisory": "GHSA-x9p5-w45c-7ffc",
"discovery": "UNKNOWN"
},
"title": "Gogs: Access tokens get exposed through URL params in API requests"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26196",
"datePublished": "2026-03-05T18:49:19.540Z",
"dateReserved": "2026-02-11T19:56:24.813Z",
"dateUpdated": "2026-03-06T18:08:07.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26195 (GCVE-0-2026-26195)
Vulnerability from cvelistv5 – Published: 2026-03-05 18:40 – Updated: 2026-03-06 18:08
VLAI?
Title
Gogs: Stored XSS in branch and wiki views through author and committer names
Summary
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T18:08:41.703910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T18:08:49.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data urls. This issue has been patched in version 0.14.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T18:40:31.249Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-vgvf-m4fw-938j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-vgvf-m4fw-938j"
},
{
"name": "https://github.com/gogs/gogs/pull/8176",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/8176"
},
{
"name": "https://github.com/gogs/gogs/commit/ac21150a53bef3a3061f4da787ab193a8d68ecfc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/ac21150a53bef3a3061f4da787ab193a8d68ecfc"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.14.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.14.2"
}
],
"source": {
"advisory": "GHSA-vgvf-m4fw-938j",
"discovery": "UNKNOWN"
},
"title": "Gogs: Stored XSS in branch and wiki views through author and committer names"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26195",
"datePublished": "2026-03-05T18:40:31.249Z",
"dateReserved": "2026-02-11T19:56:24.813Z",
"dateUpdated": "2026-03-06T18:08:49.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26194 (GCVE-0-2026-26194)
Vulnerability from cvelistv5 – Published: 2026-03-05 18:38 – Updated: 2026-03-06 18:09
VLAI?
Title
Gogs: Release tag option injection in release deletion
Summary
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been patched in version 0.14.2.
Severity ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T18:09:29.479182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T18:09:38.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there\u0027s a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been patched in version 0.14.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T18:38:38.860Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-v9vm-r24h-6rqm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-v9vm-r24h-6rqm"
},
{
"name": "https://github.com/gogs/gogs/pull/8175",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/8175"
},
{
"name": "https://github.com/gogs/gogs/commit/a000f0c7a632ada40e6829abdeea525db4c0fc2d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/a000f0c7a632ada40e6829abdeea525db4c0fc2d"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.14.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.14.2"
}
],
"source": {
"advisory": "GHSA-v9vm-r24h-6rqm",
"discovery": "UNKNOWN"
},
"title": "Gogs: Release tag option injection in release deletion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26194",
"datePublished": "2026-03-05T18:38:38.860Z",
"dateReserved": "2026-02-11T19:56:24.813Z",
"dateUpdated": "2026-03-06T18:09:38.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25921 (GCVE-0-2026-25921)
Vulnerability from cvelistv5 – Published: 2026-03-05 18:36 – Updated: 2026-03-06 18:10
VLAI?
Title
Gogs: Cross-repository LFS object overwrite via missing content hash verification
Summary
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2.
Severity ?
9.3 (Critical)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25921",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T18:10:40.475842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T18:10:49.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T18:36:30.692Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-cj4v-437j-jq4c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-cj4v-437j-jq4c"
},
{
"name": "https://github.com/gogs/gogs/pull/8166",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/8166"
},
{
"name": "https://github.com/gogs/gogs/commit/81ee8836445ac888d99da8b652be7d5cbc5c4d5c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/81ee8836445ac888d99da8b652be7d5cbc5c4d5c"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.14.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.14.2"
}
],
"source": {
"advisory": "GHSA-cj4v-437j-jq4c",
"discovery": "UNKNOWN"
},
"title": "Gogs: Cross-repository LFS object overwrite via missing content hash verification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25921",
"datePublished": "2026-03-05T18:36:30.692Z",
"dateReserved": "2026-02-09T16:22:17.785Z",
"dateUpdated": "2026-03-06T18:10:49.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26022 (GCVE-0-2026-26022)
Vulnerability from cvelistv5 – Published: 2026-03-05 18:34 – Updated: 2026-03-10 03:55
VLAI?
Title
Gogs: Stored XSS via data URI in issue comments
Summary
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrary JavaScript execution via malicious links. This issue has been patched in version 0.14.2.
Severity ?
8.7 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26022",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T03:55:24.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerability exists in the comment and issue description functionality. The application\u0027s HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrary JavaScript execution via malicious links. This issue has been patched in version 0.14.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T18:34:12.843Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-xrcr-gmf5-2r8j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-xrcr-gmf5-2r8j"
},
{
"name": "https://github.com/gogs/gogs/pull/8174",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/8174"
},
{
"name": "https://github.com/gogs/gogs/commit/441c64d7bd8893b2f4e48660a8be3a7472e14291",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/441c64d7bd8893b2f4e48660a8be3a7472e14291"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.14.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.14.2"
}
],
"source": {
"advisory": "GHSA-xrcr-gmf5-2r8j",
"discovery": "UNKNOWN"
},
"title": "Gogs: Stored XSS via data URI in issue comments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26022",
"datePublished": "2026-03-05T18:34:12.843Z",
"dateReserved": "2026-02-09T21:36:29.555Z",
"dateUpdated": "2026-03-10T03:55:24.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25229 (GCVE-0-2026-25229)
Vulnerability from cvelistv5 – Published: 2026-02-19 02:33 – Updated: 2026-02-19 17:44
VLAI?
Title
Gogs Authorization Bypass Allows Cross-Repository Label Modification
Summary
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI (internal/route/repo/issue.go) fails to verify that the label being modified belongs to the repository specified in the URL path, enabling cross-repository label tampering attacks. The vulnerability exists in the Web UI's label update endpoint POST /:username/:reponame/labels/edit. The handler function UpdateLabel uses an incorrect database query function that bypasses repository ownership validation. This issue has been fixed in version 0.14.1.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T17:04:50.842075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T17:44:28.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI (internal/route/repo/issue.go) fails to verify that the label being modified belongs to the repository specified in the URL path, enabling cross-repository label tampering attacks. The vulnerability exists in the Web UI\u0027s label update endpoint POST /:username/:reponame/labels/edit. The handler function UpdateLabel uses an incorrect database query function that bypasses repository ownership validation. This issue has been fixed in version 0.14.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T02:33:09.877Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-cv22-72px-f4gh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-cv22-72px-f4gh"
},
{
"name": "https://github.com/gogs/gogs/commit/643a6d6353cb6a182a4e1f0720228727f30a3ad2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/643a6d6353cb6a182a4e1f0720228727f30a3ad2"
}
],
"source": {
"advisory": "GHSA-cv22-72px-f4gh",
"discovery": "UNKNOWN"
},
"title": "Gogs Authorization Bypass Allows Cross-Repository Label Modification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25229",
"datePublished": "2026-02-19T02:33:09.877Z",
"dateReserved": "2026-01-30T14:44:47.328Z",
"dateUpdated": "2026-02-19T17:44:28.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25242 (GCVE-0-2026-25242)
Vulnerability from cvelistv5 – Published: 2026-02-19 02:28 – Updated: 2026-02-19 17:44
VLAI?
Title
Gogs allows unauthenticated file uploads
Summary
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the server via /releases/attachments and /issues/attachments. This enables the instance to be abused as a public file host, potentially leading to disk exhaustion, content hosting, or delivery of malware. CSRF tokens do not mitigate this attack due to same-origin cookie issuance. This issue has been fixed in version 0.14.1.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T17:23:29.408186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T17:44:40.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the server via /releases/attachments and /issues/attachments. This enables the instance to be abused as a public file host, potentially leading to disk exhaustion, content hosting, or delivery of malware. CSRF tokens do not mitigate this attack due to same-origin cookie issuance. This issue has been fixed in version 0.14.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T02:28:40.140Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-fc3h-92p8-h36f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-fc3h-92p8-h36f"
},
{
"name": "https://github.com/gogs/gogs/pull/8128",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/8128"
},
{
"name": "https://github.com/gogs/gogs/commit/628216d5889fcb838c471f4754f09b935d9cd9f3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/628216d5889fcb838c471f4754f09b935d9cd9f3"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.14.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.14.1"
}
],
"source": {
"advisory": "GHSA-fc3h-92p8-h36f",
"discovery": "UNKNOWN"
},
"title": "Gogs allows unauthenticated file uploads"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25242",
"datePublished": "2026-02-19T02:28:40.140Z",
"dateReserved": "2026-01-30T14:44:47.329Z",
"dateUpdated": "2026-02-19T17:44:40.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25232 (GCVE-0-2026-25232)
Vulnerability from cvelistv5 – Published: 2026-02-19 02:25 – Updated: 2026-02-19 17:44
VLAI?
Title
Gogs has a Protected Branch Deletion Bypass in Web Interface
Summary
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches (including the default branch) by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability in the DeleteBranchPost function eenables privilege escalation from Write to Admin level, allowing low-privilege users to perform dangerous operations that should be restricted to administrators only. Although Git Hook layer correctly prevents protected branch deletion via SSH push, the web interface deletion operation does not trigger Git Hooks, resulting in complete bypass of protection mechanisms. In oder to exploit this vulnerability, attackers must have write permissions to the target repository, protected branches configured to the target repository and access to the Gogs web interface. This issue has been fixed in version 0.14.1.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T17:04:55.043252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T17:44:52.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches (including the default branch) by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability in the DeleteBranchPost function eenables privilege escalation from Write to Admin level, allowing low-privilege users to perform dangerous operations that should be restricted to administrators only. Although Git Hook layer correctly prevents protected branch deletion via SSH push, the web interface deletion operation does not trigger Git Hooks, resulting in complete bypass of protection mechanisms. In oder to exploit this vulnerability, attackers must have write permissions to the target repository, protected branches configured to the target repository and access to the Gogs web interface. This issue has been fixed in version 0.14.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T02:25:34.039Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-2c6v-8r3v-gh6p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-2c6v-8r3v-gh6p"
},
{
"name": "https://github.com/gogs/gogs/pull/8124",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/8124"
},
{
"name": "https://github.com/gogs/gogs/commit/7b7e38c88007a7c482dbf31efff896185fd9b79c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/7b7e38c88007a7c482dbf31efff896185fd9b79c"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.14.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.14.1"
}
],
"source": {
"advisory": "GHSA-2c6v-8r3v-gh6p",
"discovery": "UNKNOWN"
},
"title": "Gogs has a Protected Branch Deletion Bypass in Web Interface"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25232",
"datePublished": "2026-02-19T02:25:34.039Z",
"dateReserved": "2026-01-30T14:44:47.328Z",
"dateUpdated": "2026-02-19T17:44:52.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25120 (GCVE-0-2026-25120)
Vulnerability from cvelistv5 – Published: 2026-02-19 01:59 – Updated: 2026-02-19 17:45
VLAI?
Title
Gogs Allows Cross-Repository Comment Deletion via DeleteComment
Summary
Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment IDs, bypassing authorization controls. The DeleteComment function retrieves a comment by ID without verifying repository ownership and the Database function DeleteCommentByID performs no repository validation. This issue has been fixed in version 0.14.0.
Severity ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T17:04:58.960021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T17:45:04.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment IDs, bypassing authorization controls. The DeleteComment function retrieves a comment by ID without verifying repository ownership and the Database function DeleteCommentByID performs no repository validation. This issue has been fixed in version 0.14.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T01:59:39.257Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-jj5m-h57j-5gv7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-jj5m-h57j-5gv7"
},
{
"name": "https://github.com/gogs/gogs/commit/1b226ca48dc8b3e95cc1c41229d72819c960a1b7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/1b226ca48dc8b3e95cc1c41229d72819c960a1b7"
}
],
"source": {
"advisory": "GHSA-jj5m-h57j-5gv7",
"discovery": "UNKNOWN"
},
"title": "Gogs Allows Cross-Repository Comment Deletion via DeleteComment"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25120",
"datePublished": "2026-02-19T01:59:39.257Z",
"dateReserved": "2026-01-29T14:03:42.539Z",
"dateUpdated": "2026-02-19T17:45:04.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24135 (GCVE-0-2026-24135)
Vulnerability from cvelistv5 – Published: 2026-02-06 17:47 – Updated: 2026-02-06 18:08
VLAI?
Title
Gogs vulnerable to arbitrary file deletion via path traversal in wiki page update
Summary
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulating the old_title parameter in the wiki editing form. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24135",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T18:08:01.081937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T18:08:28.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.0+dev"
},
{
"status": "affected",
"version": "\u003c 0.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository\u0027s wiki to delete arbitrary files on the server by manipulating the old_title parameter in the wiki editing form. This issue has been patched in versions 0.13.4 and 0.14.0+dev."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:47:49.935Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-jp7c-wj6q-3qf2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-jp7c-wj6q-3qf2"
}
],
"source": {
"advisory": "GHSA-jp7c-wj6q-3qf2",
"discovery": "UNKNOWN"
},
"title": "Gogs vulnerable to arbitrary file deletion via path traversal in wiki page update"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24135",
"datePublished": "2026-02-06T17:47:49.935Z",
"dateReserved": "2026-01-21T18:38:22.474Z",
"dateUpdated": "2026-02-06T18:08:28.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23633 (GCVE-0-2026-23633)
Vulnerability from cvelistv5 – Published: 2026-02-06 17:46 – Updated: 2026-02-06 18:53
VLAI?
Title
Gogs has arbitrary file read/write via path traversal in Git hook editing
Summary
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T18:53:18.442069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T18:53:26.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.0+dev"
},
{
"status": "affected",
"version": "\u003c 0.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:46:59.683Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-mrph-w4hh-gx3g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-mrph-w4hh-gx3g"
}
],
"source": {
"advisory": "GHSA-mrph-w4hh-gx3g",
"discovery": "UNKNOWN"
},
"title": "Gogs has arbitrary file read/write via path traversal in Git hook editing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23633",
"datePublished": "2026-02-06T17:46:59.683Z",
"dateReserved": "2026-01-14T16:08:37.483Z",
"dateUpdated": "2026-02-06T18:53:26.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23632 (GCVE-0-2026-23632)
Vulnerability from cvelistv5 – Published: 2026-02-06 17:43 – Updated: 2026-02-06 18:54
VLAI?
Title
Gogs user can update repository content with read-only permission
Summary
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/*" does not require write permissions and allows access with read permission only via repoAssignment(). After passing the permission check, PutContents() invokes UpdateRepoFile(), which results in commit creation and the execution of git push. As a result, a token with read-only permission can be used to modify repository contents. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23632",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T18:54:08.202591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T18:54:15.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.0+dev"
},
{
"status": "affected",
"version": "\u003c 0.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint \"PUT /repos/:owner/:repo/contents/*\" does not require write permissions and allows access with read permission only via repoAssignment(). After passing the permission check, PutContents() invokes UpdateRepoFile(), which results in commit creation and the execution of git push. As a result, a token with read-only permission can be used to modify repository contents. This issue has been patched in versions 0.13.4 and 0.14.0+dev."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:43:45.757Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-5qhx-gwfj-6jqr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-5qhx-gwfj-6jqr"
}
],
"source": {
"advisory": "GHSA-5qhx-gwfj-6jqr",
"discovery": "UNKNOWN"
},
"title": "Gogs user can update repository content with read-only permission"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23632",
"datePublished": "2026-02-06T17:43:45.757Z",
"dateReserved": "2026-01-14T16:08:37.482Z",
"dateUpdated": "2026-02-06T18:54:15.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22592 (GCVE-0-2026-22592)
Vulnerability from cvelistv5 – Published: 2026-02-06 17:42 – Updated: 2026-02-06 18:55
VLAI?
Title
Gogs is Vulnerable to Denial of Service
Summary
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22592",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T18:55:12.756594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T18:55:18.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-cr88-6mqm-4g57"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.0+dev"
},
{
"status": "affected",
"version": "\u003c 0.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:42:26.326Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-cr88-6mqm-4g57",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-cr88-6mqm-4g57"
}
],
"source": {
"advisory": "GHSA-cr88-6mqm-4g57",
"discovery": "UNKNOWN"
},
"title": "Gogs is Vulnerable to Denial of Service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22592",
"datePublished": "2026-02-06T17:42:26.326Z",
"dateReserved": "2026-01-07T21:50:39.532Z",
"dateUpdated": "2026-02-06T18:55:18.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64175 (GCVE-0-2025-64175)
Vulnerability from cvelistv5 – Published: 2026-02-06 17:41 – Updated: 2026-02-26 15:04
VLAI?
Title
Gogs Vulnerable to 2FA Bypass via Recovery Code
Summary
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to bypass the victim’s 2FA. This enables full account takeover and renders 2FA ineffective in all environments where it's enabled.. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-07T04:55:22.362410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:15.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-p6x6-9mx6-26wj"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.0+dev"
},
{
"status": "affected",
"version": "\u003c 0.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs\u2019 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim\u2019s username and password, they can use any unused recovery code (e.g., from their own account) to bypass the victim\u2019s 2FA. This enables full account takeover and renders 2FA ineffective in all environments where it\u0027s enabled.. This issue has been patched in versions 0.13.4 and 0.14.0+dev."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:41:07.321Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-p6x6-9mx6-26wj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-p6x6-9mx6-26wj"
}
],
"source": {
"advisory": "GHSA-p6x6-9mx6-26wj",
"discovery": "UNKNOWN"
},
"title": "Gogs Vulnerable to 2FA Bypass via Recovery Code"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64175",
"datePublished": "2026-02-06T17:41:07.321Z",
"dateReserved": "2025-10-28T21:07:16.439Z",
"dateUpdated": "2026-02-26T15:04:15.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64111 (GCVE-0-2025-64111)
Vulnerability from cvelistv5 – Published: 2026-02-06 16:58 – Updated: 2026-02-26 15:04
VLAI?
Title
Gogs's update .git/config file allows remote command execution
Summary
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64111",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-07T04:55:21.593052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:16.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.0+dev"
},
{
"status": "affected",
"version": "\u003c 0.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it\u0027s still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:58:01.853Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-gg64-xxr9-qhjp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-gg64-xxr9-qhjp"
}
],
"source": {
"advisory": "GHSA-gg64-xxr9-qhjp",
"discovery": "UNKNOWN"
},
"title": "Gogs\u0027s update .git/config file allows remote command execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64111",
"datePublished": "2026-02-06T16:58:01.853Z",
"dateReserved": "2025-10-27T15:26:14.127Z",
"dateUpdated": "2026-02-26T15:04:16.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8110 (GCVE-0-2025-8110)
Vulnerability from cvelistv5 – Published: 2025-12-10 13:23 – Updated: 2026-02-26 16:21
VLAI?
Title
File overwrite in file update API in Gogs
Summary
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Date Public ?
2025-12-10 13:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8110",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T04:55:48.537174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-01-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:21:06.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/gogs/gogs/pull/8078"
},
{
"tags": [
"patch"
],
"url": "https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-12T00:00:00.000Z",
"value": "CVE-2025-8110 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-18T03:33:12.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/11/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/11/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/17/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/18/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/18/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Gogs",
"platforms": [
"Linux",
"Windows"
],
"product": "Gogs",
"repo": "https://github.com/gogs/gogs",
"vendor": "Gogs",
"versions": [
{
"lessThanOrEqual": "0.13.3",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"datePublic": "2025-12-10T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code."
}
],
"value": "Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "ATTACKED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/AU:Y/R:U/V:C",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T19:42:39.728Z",
"orgId": "9947ef80-c5d5-474a-bbab-97341a59000e",
"shortName": "Wiz"
},
"references": [
{
"url": "http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit"
}
],
"source": {
"discovery": "USER"
},
"title": "File overwrite in file update API in Gogs",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9947ef80-c5d5-474a-bbab-97341a59000e",
"assignerShortName": "Wiz",
"cveId": "CVE-2025-8110",
"datePublished": "2025-12-10T13:23:46.777Z",
"dateReserved": "2025-07-24T10:02:24.954Z",
"dateUpdated": "2026-02-26T16:21:06.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47943 (GCVE-0-2025-47943)
Vulnerability from cvelistv5 – Published: 2025-06-24 03:48 – Updated: 2025-07-30 17:45
VLAI?
Title
Gogs stored XSS in PDF renderer
Summary
Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47943",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T21:48:30.476761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T21:48:47.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.14.0+dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T17:45:57.812Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-xh32-cx6c-cp4v"
},
{
"name": "https://github.com/gogs/gogs/commit/110117b2e5e5baa4809c819bec701e929d2d8d40",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/110117b2e5e5baa4809c819bec701e929d2d8d40"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.13.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.13.3"
},
{
"name": "https://www.hacktivesecurity.com/blog/2025/07/15/cve-2025-47943-stored-xss-in-gogs-via-pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hacktivesecurity.com/blog/2025/07/15/cve-2025-47943-stored-xss-in-gogs-via-pdf"
}
],
"source": {
"advisory": "GHSA-xh32-cx6c-cp4v",
"discovery": "UNKNOWN"
},
"title": "Gogs stored XSS in PDF renderer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47943",
"datePublished": "2025-06-24T03:48:06.012Z",
"dateReserved": "2025-05-14T10:32:43.530Z",
"dateUpdated": "2025-07-30T17:45:57.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56731 (GCVE-0-2024-56731)
Vulnerability from cvelistv5 – Published: 2025-06-24 03:37 – Updated: 2025-06-25 12:43
VLAI?
Title
Gogs deletion of internal files allows remote command execution
Summary
Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration. Allowing attackers to access and alter any users' code hosted on the same instance. This issue has been patched in version 0.13.3.
Severity ?
10 (Critical)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:25:08.585114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:43:04.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it\u0027s still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration. Allowing attackers to access and alter any users\u0027 code hosted on the same instance. This issue has been patched in version 0.13.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T03:37:42.327Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7"
},
{
"name": "https://github.com/gogs/gogs/commit/77a4a945ae9a87f77e392e9066b560edb71b5de9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/77a4a945ae9a87f77e392e9066b560edb71b5de9"
},
{
"name": "https://github.com/gogs/gogs/releases/tag/v0.13.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/releases/tag/v0.13.3"
}
],
"source": {
"advisory": "GHSA-wj44-9vcg-wjq7",
"discovery": "UNKNOWN"
},
"title": "Gogs deletion of internal files allows remote command execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-56731",
"datePublished": "2025-06-24T03:37:42.327Z",
"dateReserved": "2024-12-27T15:03:02.803Z",
"dateUpdated": "2025-06-25T12:43:04.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55947 (GCVE-0-2024-55947)
Vulnerability from cvelistv5 – Published: 2024-12-23 15:26 – Updated: 2024-12-24 15:59
VLAI?
Title
Gogs has a Path Traversal in file update API
Summary
Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55947",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T15:58:34.175956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T15:59:02.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T15:26:47.507Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg"
},
{
"name": "https://github.com/gogs/gogs/issues/7582",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/issues/7582"
},
{
"name": "https://github.com/gogs/gogs/pull/7859",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/7859"
},
{
"name": "https://github.com/gogs/gogs/commit/9a9388ace25bd646f5098cb9193d983332c34e41",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/9a9388ace25bd646f5098cb9193d983332c34e41"
}
],
"source": {
"advisory": "GHSA-qf5v-rp47-55gg",
"discovery": "UNKNOWN"
},
"title": "Gogs has a Path Traversal in file update API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-55947",
"datePublished": "2024-12-23T15:26:47.507Z",
"dateReserved": "2024-12-13T17:39:32.960Z",
"dateUpdated": "2024-12-24T15:59:02.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54148 (GCVE-0-2024-54148)
Vulnerability from cvelistv5 – Published: 2024-12-23 15:22 – Updated: 2024-12-24 01:52
VLAI?
Title
Gogs has a Path Traversal in file editing UI
Summary
Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-54148",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T01:52:15.112862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T01:52:58.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T15:22:48.244Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gogs/gogs/security/advisories/GHSA-r7j8-5h9c-f6fx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-r7j8-5h9c-f6fx"
},
{
"name": "https://github.com/gogs/gogs/issues/7582",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/issues/7582"
},
{
"name": "https://github.com/gogs/gogs/pull/7857",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/pull/7857"
},
{
"name": "https://github.com/gogs/gogs/commit/c94baec9ca923f38c19f0c7c5af722b9ec04022a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/c94baec9ca923f38c19f0c7c5af722b9ec04022a"
}
],
"source": {
"advisory": "GHSA-r7j8-5h9c-f6fx",
"discovery": "UNKNOWN"
},
"title": "Gogs has a Path Traversal in file editing UI"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-54148",
"datePublished": "2024-12-23T15:22:48.244Z",
"dateReserved": "2024-11-29T18:02:16.756Z",
"dateUpdated": "2024-12-24T01:52:58.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1884 (GCVE-0-2022-1884)
Vulnerability from cvelistv5 – Published: 2024-11-15 10:53 – Updated: 2024-11-15 19:15
VLAI?
Title
Remote Command Execution in gogs/gogs
Summary
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"lessThanOrEqual": "0.12.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T19:13:14.910217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T19:15:02.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote command execution vulnerability exists in gogs/gogs versions \u003c=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:53:00.844Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b"
}
],
"source": {
"advisory": "9cd4e7b7-0979-4e5e-9a1c-388b58dea76b",
"discovery": "EXTERNAL"
},
"title": "Remote Command Execution in gogs/gogs"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2022-1884",
"datePublished": "2024-11-15T10:53:00.844Z",
"dateReserved": "2022-05-25T12:20:16.450Z",
"dateUpdated": "2024-11-15T19:15:02.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44625 (GCVE-0-2024-44625)
Vulnerability from cvelistv5 – Published: 2024-11-15 00:00 – Updated: 2024-11-20 20:20
VLAI?
Summary
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"lessThanOrEqual": "0.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-44625",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T20:17:42.168454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T20:20:11.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs \u003c=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T16:54:07.175Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gogs.io/"
},
{
"url": "https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-44625",
"datePublished": "2024-11-15T00:00:00.000Z",
"dateReserved": "2024-08-21T00:00:00.000Z",
"dateUpdated": "2024-11-20T20:20:11.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39931 (GCVE-0-2024-39931)
Vulnerability from cvelistv5 – Published: 2024-07-04 00:00 – Updated: 2024-08-02 04:33
VLAI?
Summary
Gogs through 0.13.0 allows deletion of internal files.
Severity ?
9.9 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"lessThanOrEqual": "0.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T16:36:45.493589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T16:43:49.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gogs/gogs/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs through 0.13.0 allows deletion of internal files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-04T15:42:41.479Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gogs/gogs/releases"
},
{
"url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39931",
"datePublished": "2024-07-04T00:00:00.000Z",
"dateReserved": "2024-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-02T04:33:11.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39933 (GCVE-0-2024-39933)
Vulnerability from cvelistv5 – Published: 2024-07-04 00:00 – Updated: 2024-08-02 04:33
VLAI?
Summary
Gogs through 0.13.0 allows argument injection during the tagging of a new release.
Severity ?
7.7 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"lessThanOrEqual": "0.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T20:46:31.663411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T20:48:53.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gogs/gogs/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs through 0.13.0 allows argument injection during the tagging of a new release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-04T15:42:05.057Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gogs/gogs/releases"
},
{
"url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39933",
"datePublished": "2024-07-04T00:00:00.000Z",
"dateReserved": "2024-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-02T04:33:11.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39930 (GCVE-0-2024-39930)
Vulnerability from cvelistv5 – Published: 2024-07-04 00:00 – Updated: 2024-08-28 15:22
VLAI?
Summary
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
Severity ?
9.9 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:47:42.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gogs/gogs/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/argument-injection-in-gogs-ssh-server-cve-2024-39930"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"lessThanOrEqual": "0.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39930",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T18:33:50.332021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T18:39:08.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:22:31.592Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gogs/gogs/releases"
},
{
"url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/argument-injection-in-gogs-ssh-server-cve-2024-39930"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39930",
"datePublished": "2024-07-04T00:00:00.000Z",
"dateReserved": "2024-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-28T15:22:31.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39932 (GCVE-0-2024-39932)
Vulnerability from cvelistv5 – Published: 2024-07-04 00:00 – Updated: 2024-08-02 04:33
VLAI?
Summary
Gogs through 0.13.0 allows argument injection during the previewing of changes.
Severity ?
9.9 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"status": "affected",
"version": "0.13.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39932",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T13:59:14.874329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T14:01:48.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gogs/gogs/releases"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gogs through 0.13.0 allows argument injection during the previewing of changes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-04T15:42:21.706Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gogs/gogs/releases"
},
{
"url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39932",
"datePublished": "2024-07-04T00:00:00.000Z",
"dateReserved": "2024-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-02T04:33:11.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2024 (GCVE-0-2022-2024)
Vulnerability from cvelistv5 – Published: 2023-02-25 00:00 – Updated: 2025-03-11 15:39
VLAI?
Title
OS Command Injection in gogs/gogs
Summary
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2024",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:39:21.393919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:39:29.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97"
},
{
"url": "https://github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41"
}
],
"source": {
"advisory": "18cf9256-23ab-4098-a769-85f8da130f97",
"discovery": "EXTERNAL"
},
"title": "OS Command Injection in gogs/gogs"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2024",
"datePublished": "2023-02-25T00:00:00.000Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2025-03-11T15:39:29.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32174 (GCVE-0-2022-32174)
Vulnerability from cvelistv5 – Published: 2022-10-11 14:20 – Updated: 2025-05-16 13:49
VLAI?
Title
Gogs - XSS
Summary
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
Date Public ?
2022-10-06 00:00
Credits
Mend Vulnerability Research Team (MVR)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:55.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32174"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gogs/gogs/blob/v0.12.10/public/js/gogs.js#L263"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32174",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T13:48:52.683526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T13:49:17.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v0.6.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "v0.12.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mend Vulnerability Research Team (MVR)"
}
],
"datePublic": "2022-10-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover."
}
],
"metrics": [
{
"other": {
"content": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": 3.1
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"url": "https://www.mend.io/vulnerability-database/CVE-2022-32174"
},
{
"url": "https://github.com/gogs/gogs/blob/v0.12.10/public/js/gogs.js#L263"
}
],
"source": {
"advisory": "https://www.mend.io/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "Gogs - XSS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2022-32174",
"datePublished": "2022-10-11T14:20:16.527Z",
"dateReserved": "2022-05-31T00:00:00.000Z",
"dateUpdated": "2025-05-16T13:49:17.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1986 (GCVE-0-2022-1986)
Vulnerability from cvelistv5 – Published: 2022-06-09 03:35 – Updated: 2024-08-03 00:24
VLAI?
Title
OS Command Injection in gogs/gogs
Summary
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T03:35:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82"
}
],
"source": {
"advisory": "776e8f29-ff5e-4501-bb9f-0bd335007930",
"discovery": "EXTERNAL"
},
"title": "OS Command Injection in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1986",
"STATE": "PUBLIC",
"TITLE": "OS Command Injection in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.9"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930"
},
{
"name": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82"
}
]
},
"source": {
"advisory": "776e8f29-ff5e-4501-bb9f-0bd335007930",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1986",
"datePublished": "2022-06-09T03:35:11.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}