{"vulnerability": "CVE-2024-3993", "sightings": [{"uuid": "8acf4047-7161-4134-a369-470ae478fe2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lt3msrynif27", "content": "", "creation_timestamp": "2025-07-03T21:02:21.368041Z"}, {"uuid": "3be755b6-01fc-4c83-b389-c1a5eb12cd1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39931", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114774100581117797", "content": "", "creation_timestamp": "2025-06-30T20:03:11.302523Z"}, {"uuid": "a424ded9-b32d-4a25-b803-e1c543f93c7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39931", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lsqetoazms27", "content": "", "creation_timestamp": "2025-06-29T09:40:24.715288Z"}, {"uuid": "6094faab-771c-4584-9468-545306c94e49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39931", "type": "seen", "source": "https://gist.github.com/alon710/b1bbb34e2f8fd6edb93ac300700cdbf5", "content": "", "creation_timestamp": "2026-01-24T21:32:13.000000Z"}, {"uuid": "6e7533dd-c7e8-4712-843c-171d1cb862cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39931", "type": "seen", "source": "https://gist.github.com/alon710/9ab620d3826e9242e97ff8b60798dfb8", "content": "", "creation_timestamp": "2026-01-24T22:44:30.000000Z"}, {"uuid": "7ce5d469-3607-4c43-b62c-a40bf0150df6", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39936", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8137", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39936\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:C/UI:N)\n\ud83d\udd39 Description: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..\n\ud83d\udccf Published: 2024-07-04T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-19T20:03:04.838Z\n\ud83d\udd17 References:\n1. https://codereview.qt-project.org/c/qt/qtbase/+/571601", "creation_timestamp": "2025-03-19T20:18:03.000000Z"}, {"uuid": "919dc7d0-ebf1-4496-af60-467e07877f58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39931", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19309", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-56731\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration. Allowing attackers to access and alter any users' code hosted on the same instance. 
This issue has been patched in version 0.13.3.\n\ud83d\udccf Published: 2025-06-24T03:37:42.327Z\n\ud83d\udccf Modified: 2025-06-24T03:37:42.327Z\n\ud83d\udd17 References:\n1. https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7\n2. https://github.com/gogs/gogs/commit/77a4a945ae9a87f77e392e9066b560edb71b5de9\n3. https://github.com/gogs/gogs/releases/tag/v0.13.3", "creation_timestamp": "2025-06-24T04:48:49.000000Z"}, {"uuid": "f5a14e19-0ce7-423f-b6ef-e8291d7c1fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "published-proof-of-concept", "source": "Telegram/BGbdnO5qVCeRESkVN9shfeMdpVcVG1XeThDpF5WVRjJQCD0", "content": "", "creation_timestamp": "2025-07-22T21:00:04.000000Z"}, {"uuid": "a14d8e29-2869-4c75-aba9-191673e5111c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39931", "type": "seen", "source": "https://t.me/cvedetector/59", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39931 - Gogs through 0.13.0 allows deletion of internal fi\", \n  \"Content\": \"CVE ID : CVE-2024-39931 \nPublished : July 4, 2024, 4:15 p.m. | 33\u00a0minutes ago \nDescription : Gogs through 0.13.0 allows deletion of internal files. 
\nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-04T18:56:14.000000Z"}, {"uuid": "6d093ac3-ebaf-47fc-bf81-3a9c9333278f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39937", "type": "seen", "source": "https://t.me/cvedetector/73", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39937 - supOS 5.0 allows api/image/download?fileName=../ d\", \n  \"Content\": \"CVE ID : CVE-2024-39937 \nPublished : July 4, 2024, 10:15 p.m. | 28\u00a0minutes ago \nDescription : supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-05T00:47:29.000000Z"}, {"uuid": "019997ae-09d1-4992-9354-290bf4dfd669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39935", "type": "seen", "source": "https://t.me/cvedetector/72", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39935 - jc21 NGINX Proxy Manager before 2.11.3 allows back\", \n  \"Content\": \"CVE ID : CVE-2024-39935 \nPublished : July 4, 2024, 9:15 p.m. | 39\u00a0minutes ago \nDescription : jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-04T23:57:19.000000Z"}, {"uuid": "d0d05ef6-e272-4cc5-826b-acec6f71a443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39936", "type": "seen", "source": "https://t.me/cvedetector/71", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39936 - An issue was discovered in HTTP2 in Qt before 5.15\", \n  \"Content\": \"CVE ID : CVE-2024-39936 \nPublished : July 4, 2024, 9:15 p.m. | 39\u00a0minutes ago \nDescription : An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-04T23:57:18.000000Z"}, {"uuid": "90d639ed-4552-4413-8d4a-842062e46e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39934", "type": "seen", "source": "https://t.me/cvedetector/68", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39934 - Robotmk before 2.0.1 allows a local user to escala\", \n  \"Content\": \"CVE ID : CVE-2024-39934 \nPublished : July 4, 2024, 7:15 p.m. 
| 27\u00a0minutes ago \nDescription : Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the \"shared holotree usage\" feature allows any user to edit any Python environment. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-04T21:51:57.000000Z"}, {"uuid": "b589a6c3-956b-4d0e-91c0-777d231b3a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39933", "type": "seen", "source": "https://t.me/cvedetector/60", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39933 - Gogs through 0.13.0 allows argument injection duri\", \n  \"Content\": \"CVE ID : CVE-2024-39933 \nPublished : July 4, 2024, 4:15 p.m. | 33\u00a0minutes ago \nDescription : Gogs through 0.13.0 allows argument injection during the tagging of a new release. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-04T18:56:15.000000Z"}, {"uuid": "b0b313be-9774-445a-b4d1-1ce7412d6fd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "seen", "source": "https://t.me/cvedetector/62", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39930 - The built-in SSH server of Gogs through 0.13.0 all\", \n  \"Content\": \"CVE ID : CVE-2024-39930 \nPublished : July 4, 2024, 4:15 p.m. 
| 33\u00a0minutes ago \nDescription : The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-04T18:56:17.000000Z"}, {"uuid": "c5a5102d-32d4-4757-af01-c304fa2396bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39932", "type": "seen", "source": "https://t.me/cvedetector/61", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39932 - Gogs through 0.13.0 allows argument injection duri\", \n  \"Content\": \"CVE ID : CVE-2024-39932 \nPublished : July 4, 2024, 4:15 p.m. | 33\u00a0minutes ago \nDescription : Gogs through 0.13.0 allows argument injection during the previewing of changes. 
\nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-04T18:56:16.000000Z"}, {"uuid": "89f839b3-d781-4c1b-a8bf-7408e98ab512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "seen", "source": "Telegram/HogYaaVw_64T2bfR3Bhxs0uYWj1f06U_DiFsjjv675CLjw", "content": "", "creation_timestamp": "2024-07-08T11:53:58.000000Z"}, {"uuid": "25e251a9-a82d-4a10-88f5-813ba0c7a836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "seen", "source": "Telegram/BsDKi1NO35aX5jFw-nQrwozL1BDFKqIrJaNXO44sTuUJDa1q", "content": "", "creation_timestamp": "2024-07-08T13:16:59.000000Z"}, {"uuid": "85200440-ae9d-46c9-b463-9177796eafc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39932", "type": "seen", "source": "Telegram/BsDKi1NO35aX5jFw-nQrwozL1BDFKqIrJaNXO44sTuUJDa1q", "content": "", "creation_timestamp": "2024-07-08T13:16:59.000000Z"}, {"uuid": "14b08506-c399-44bc-a99d-442a7604d93a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39931", "type": "seen", "source": "Telegram/BsDKi1NO35aX5jFw-nQrwozL1BDFKqIrJaNXO44sTuUJDa1q", "content": "", "creation_timestamp": "2024-07-08T13:16:59.000000Z"}, {"uuid": "e164c53c-3af1-4eae-8c84-e7bd09fbf9ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39933", "type": "seen", "source": 
"Telegram/BsDKi1NO35aX5jFw-nQrwozL1BDFKqIrJaNXO44sTuUJDa1q", "content": "", "creation_timestamp": "2024-07-08T13:16:59.000000Z"}, {"uuid": "d69f64a5-0b1a-44f3-9596-4da3d7ef85bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/14554", "content": "The Hacker News\nCritical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service\n\nFour unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors.\nThe vulnerabilities, according to SonarSource researchers Thomas Chauchefoin and Paul Gerste, are listed below -\n\nCVE-2024-39930 (CVSS", "creation_timestamp": "2024-07-08T11:53:59.000000Z"}, {"uuid": "9ed50da9-9c76-4e1c-8704-f10aa8426f11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "seen", "source": "Telegram/H_XdvdQ0RFGa4W04r-OC96mZyJdL5Z0dOQUMX7vCpUHJ4Q", "content": "", "creation_timestamp": "2024-07-08T11:51:11.000000Z"}, {"uuid": "25938f33-ae3c-4d11-963e-053abb40cc5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/2841", "content": "The Hacker News\nCritical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service\n\nFour unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors.\nThe vulnerabilities, according to 
SonarSource researchers Thomas Chauchefoin and Paul Gerste, are listed below -\n\nCVE-2024-39930 (CVSS", "creation_timestamp": "2024-07-08T11:53:59.000000Z"}, {"uuid": "2b9ee6f1-f553-4f7c-aa84-9586ffd57d7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "seen", "source": "https://t.me/KomunitiSiber/2213", "content": "Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service\nhttps://thehackernews.com/2024/07/critical-vulnerabilities-disclosed-in.html\n\nFour unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors.\nThe vulnerabilities, according to SonarSource researchers Thomas Chauchefoin and Paul Gerste, are listed below -\n\nCVE-2024-39930 (CVSS", "creation_timestamp": "2024-07-08T11:13:36.000000Z"}, {"uuid": "fb8a875f-4359-410b-b996-9eaab9e3f80d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "seen", "source": "https://t.me/true_secator/5943", "content": "Four unpatched vulnerabilities have been found in Gogs, a Git service from Chinese developers, including three critical ones with a CVSS score of 9.9.\n\nAmong them:\n- CVE-2024-39930 (CVSS: 9.9, argument injection in the built-in SSH server),\n- CVE-2024-39931 (CVSS: 9.9, deletion of internal files), - CVE-2024-39932 (CVSS: 9.9, argument injection during the previewing of changes), \n- CVE-2024-39933 (CVSS: 7.7, argument injection when tagging new releases).\n\nAccording to SonarSource, successful exploitation of the first three flaws could allow an attacker to execute arbitrary commands on the Gogs server, while the 
fourth vulnerability allows attackers to read arbitrary files, including source code and configuration.\n\nIn other words, an attacker abusing the vulnerabilities can view, modify or delete any code, target internal hosts reachable from the Gogs server, and impersonate other users or gain more privileges.\n\nAll four vulnerabilities require authentication.\n\nIn addition, triggering CVE-2024-39930 requires that the built-in SSH server is enabled, that the env executable is used, and that the attacker has a valid SSH private key.\n\nIf registration is enabled on the Gogs instance, an attacker can simply create an account and register their own SSH key.\n\nOtherwise, they would have to compromise another account or steal a user's SSH private key.\n\nGogs instances on Windows are not exploitable, nor is the Docker image.\n\nHowever, those running on Debian and Ubuntu are vulnerable because the env binary supports the \"--split-string\" option.\n\nAccording to Shodan, about 7300 Gogs instances are reachable on the Internet, almost 60% of them located in China, followed by the USA, Germany, Russia and Hong Kong.\n\nIt is currently unclear how many of these 
exposed servers are vulnerable to the flaws mentioned above.\n\nSonarSource also has no information so far on whether these issues are being exploited in the wild.\n\nNevertheless, the researchers were quite surprised by the reaction of the project's developers, who never made any fixes and stopped all dialogue after receiving the initial report on April 28, 2023.\n\nIn the absence of an update, users are advised to disable the built-in SSH server, disable user registration to prevent mass exploitation, and consider switching to Gitea.\n\nSonarSource has also released a patch which, by their own admission, has not yet been thoroughly tested. 
But at least it is something.", "creation_timestamp": "2024-07-08T12:33:12.000000Z"}, {"uuid": "760b660a-8f61-45e5-a4a3-2adcc6646250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39932", "type": "seen", "source": "https://t.me/true_secator/5943", "content": "Four unpatched vulnerabilities have been found in Gogs, a Git service from Chinese developers, including three critical ones with a CVSS score of 9.9.\n\nAmong them:\n- CVE-2024-39930 (CVSS: 9.9, argument injection in the built-in SSH server),\n- CVE-2024-39931 (CVSS: 9.9, deletion of internal files), - CVE-2024-39932 (CVSS: 9.9, argument injection during the previewing of changes), \n- CVE-2024-39933 (CVSS: 7.7, 
argument injection when tagging new releases).\n\nAccording to SonarSource, successful exploitation of the first three flaws could allow an attacker to execute arbitrary commands on the Gogs server, while the fourth vulnerability allows attackers to read arbitrary files, including source code and configuration.\n\nIn other words, an attacker abusing the vulnerabilities 
can view, modify or delete any code, target internal hosts reachable from the Gogs server, and impersonate other users or gain more privileges.\n\nAll four vulnerabilities require authentication.\n\nIn addition, triggering CVE-2024-39930 requires that the built-in SSH server is enabled, that the env executable is used, and that the attacker has 
a valid SSH private key.\n\nIf registration is enabled on the Gogs instance, an attacker can simply create an account and register their own SSH key.\n\nOtherwise, they would have to compromise another account or steal a user's SSH private key.\n\nGogs instances on Windows are not exploitable, nor is the Docker image.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u043d\u0430 Debian \u0438 Ubuntu, \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0439 
\u0444\u0430\u0439\u043b env \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043e\u043f\u0446\u0438\u044e \"--split-string\".\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Shodan, \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u043e\u043a\u043e\u043b\u043e 7300 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Gogs, \u043f\u0440\u0438\u0447\u0435\u043c \u043f\u043e\u0447\u0442\u0438 60% \u0438\u0437 \u043d\u0438\u0445 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432 \u041a\u0438\u0442\u0430\u0435, \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u0421\u0428\u0410, \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u044f, \u0420\u043e\u0441\u0441\u0438\u044f \u0438 \u0413\u043e\u043d\u043a\u043e\u043d\u0433.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435\u044f\u0441\u043d\u043e, \u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u044d\u0442\u0438\u0445 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043a \u0432\u044b\u0448\u0435\u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u043c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c SonarSource \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043a\u0430 \u043d\u0435 \u0438\u043c\u0435\u0435\u0442 \u043d\u0438\u043a\u0430\u043a\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e \u0442\u043e\u043c, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043b\u0438 \u044d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0422\u0435\u043c \u043d\u0435 
\u043c\u0435\u043d\u0435\u0435, \u0432\u0435\u0441\u044c\u043c\u0430 \u0443\u0434\u0438\u0432\u0438\u043b\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0440\u0435\u0430\u043a\u0446\u0438\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u043f\u0440\u043e\u0435\u043a\u0442\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0430\u043a \u0438 \u043d\u0435 \u0432\u043d\u0435\u0441\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u043f\u0440\u0435\u043a\u0440\u0430\u0442\u0438\u0432 \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0434\u0438\u0430\u043b\u043e\u0433, \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0442\u0447\u0435\u0442\u0430 28 \u0430\u043f\u0440\u0435\u043b\u044f 2023 \u0433\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 SSH-\u0441\u0435\u0440\u0432\u0435\u0440, \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438 \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c 
\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0430 \u043d\u0430 Gitea.\n\nSonarSource \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447, \u043a\u043e\u0442\u043e\u0440\u044b\u0439, \u043f\u0440\u0430\u0432\u0434\u0430, \u043f\u043e \u0438\u0445 \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u0438\u044e, \u0435\u0449\u0435 \u043d\u0435 \u0431\u044b\u043b \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d. \u041d\u043e \u0445\u043e\u0442\u044f \u0431\u044b.", "creation_timestamp": "2024-07-08T12:33:12.000000Z"}, {"uuid": "ae32a2a9-b452-4c66-91e3-29f11cebff5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39931", "type": "seen", "source": "https://t.me/true_secator/5943", "content": "\u0412 git-\u0441\u0435\u0440\u0432\u0438\u0441\u0435 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0445 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 Gogs \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0447\u0435\u0442\u044b\u0440\u0435 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0442\u0440\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS: 9,9.\n\n\u0421\u0440\u0435\u0434\u0438 \u043d\u0438\u0445:\n- CVE-2024-39930\u00a0(CVSS: 9,9, \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430 \u0432\u043e \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 SSH-\u0441\u0435\u0440\u0432\u0435\u0440),\n- CVE-2024-39931\u00a0(CVSS: 9,9, 
\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432), - CVE-2024-39932\u00a0(CVSS: 9,9, \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0439), \n- CVE-2024-39933\u00a0(CVSS: 7,7, \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u0430 \u043f\u0440\u0438 \u043c\u0430\u0440\u043a\u0438\u0440\u043e\u0432\u043a\u0435 \u043d\u043e\u0432\u044b\u0445 \u0440\u0435\u043b\u0438\u0437\u043e\u0432).\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c SonarSource, \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u0435\u0440\u0432\u044b\u0445 \u0442\u0440\u0435\u0445 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 Gogs, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a \u0447\u0435\u0442\u0432\u0435\u0440\u0442\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0447\u0438\u0442\u0430\u0442\u044c 
\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e.\n\n\u0414\u0440\u0443\u0433\u0438\u043c\u0438 \u0441\u043b\u043e\u0432\u0430\u043c\u0438, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438, \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c, \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u043b\u044e\u0431\u043e\u0439 \u043a\u043e\u0434, \u043d\u0430\u0446\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 \u0445\u043e\u0441\u0442\u044b, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Gogs, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0434\u0430\u0442\u044c \u0441\u0435\u0431\u044f \u0437\u0430 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0431\u043e\u043b\u044c\u0448\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u0441\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 CVE-2024-39930 
\u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e, \u0447\u0442\u043e\u0431\u044b \u0431\u044b\u043b \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 SSH, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u0444\u0430\u0439\u043b env, \u0430 \u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u0431\u044b\u043b \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0439 \u043a\u043b\u044e\u0447 SSH.\n\n\u0415\u0441\u043b\u0438 \u0432 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0435 Gogs \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u043e\u0441\u0442\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0438 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u0432\u043e\u0439 \u043a\u043b\u044e\u0447 SSH.\n\n\u0412 \u043f\u0440\u043e\u0442\u0438\u0432\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043f\u0440\u0438\u0434\u0435\u0442\u0441\u044f \u0432\u0437\u043b\u043e\u043c\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u0443\u044e \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0438\u043b\u0438 \u0443\u043a\u0440\u0430\u0441\u0442\u044c \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0439 \u043a\u043b\u044e\u0447 SSH \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u042d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b Gogs \u043d\u0430 Windows \u043d\u0435 
\u043f\u043e\u0434\u0434\u0430\u044e\u0442\u0441\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043a\u0430\u043a \u0438 \u043e\u0431\u0440\u0430\u0437 Docker.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u043d\u0430 Debian \u0438 Ubuntu, \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0439 \u0444\u0430\u0439\u043b env \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u043e\u043f\u0446\u0438\u044e \"--split-string\".\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Shodan, \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u043e\u043a\u043e\u043b\u043e 7300 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Gogs, \u043f\u0440\u0438\u0447\u0435\u043c \u043f\u043e\u0447\u0442\u0438 60% \u0438\u0437 \u043d\u0438\u0445 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432 \u041a\u0438\u0442\u0430\u0435, \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u0421\u0428\u0410, \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u044f, \u0420\u043e\u0441\u0441\u0438\u044f \u0438 \u0413\u043e\u043d\u043a\u043e\u043d\u0433.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435\u044f\u0441\u043d\u043e, \u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u044d\u0442\u0438\u0445 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u043a \u0432\u044b\u0448\u0435\u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u043c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c 
SonarSource \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043a\u0430 \u043d\u0435 \u0438\u043c\u0435\u0435\u0442 \u043d\u0438\u043a\u0430\u043a\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e \u0442\u043e\u043c, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043b\u0438 \u044d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u0432\u0435\u0441\u044c\u043c\u0430 \u0443\u0434\u0438\u0432\u0438\u043b\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0440\u0435\u0430\u043a\u0446\u0438\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u043f\u0440\u043e\u0435\u043a\u0442\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0430\u043a \u0438 \u043d\u0435 \u0432\u043d\u0435\u0441\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u043f\u0440\u0435\u043a\u0440\u0430\u0442\u0438\u0432 \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0434\u0438\u0430\u043b\u043e\u0433, \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0442\u0447\u0435\u0442\u0430 28 \u0430\u043f\u0440\u0435\u043b\u044f 2023 \u0433\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 SSH-\u0441\u0435\u0440\u0432\u0435\u0440, 
\u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438 \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0430 \u043d\u0430 Gitea.\n\nSonarSource \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447, \u043a\u043e\u0442\u043e\u0440\u044b\u0439, \u043f\u0440\u0430\u0432\u0434\u0430, \u043f\u043e \u0438\u0445 \u043f\u0440\u0438\u0437\u043d\u0430\u043d\u0438\u044e, \u0435\u0449\u0435 \u043d\u0435 \u0431\u044b\u043b \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d. 
But at least that's something.", "creation_timestamp": "2024-07-08T12:33:12.000000Z"}, {"uuid": "a61aabe1-287b-49e1-86bf-c0bb12a4a20f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39933", "type": "seen", "source": "https://t.me/true_secator/5943", "content": "Four unpatched vulnerabilities have been found in Gogs, a Git service from Chinese developers, including three critical ones rated CVSS: 9.9.\n\nThey are:\n- CVE-2024-39930\u00a0(CVSS: 9.9, argument injection in the built-in SSH server),\n- CVE-2024-39931\u00a0(CVSS: 9.9, deletion of internal files), - CVE-2024-39932\u00a0(CVSS: 9.9, argument injection during changes preview), \n- CVE-2024-39933\u00a0(CVSS: 7.7, argument injection when tagging new releases).\n\nAccording to SonarSource, successful exploitation of the first three flaws could allow an attacker to execute arbitrary commands on the Gogs server, while the fourth vulnerability allows attackers to read arbitrary files, including source code and configuration.\n\nIn other words, an attacker abusing the vulnerabilities can view, modify or delete any code, target internal hosts reachable from the Gogs server, and impersonate other users or gain more privileges.\n\nAll four vulnerabilities require authentication.\n\nIn addition, triggering CVE-2024-39930 requires that the built-in SSH server is enabled, that the env executable is used, and that the attacker has a valid SSH private key.\n\nIf registration is enabled on the Gogs instance, the attacker can simply create an account and register their own SSH key.\n\nOtherwise they would have to compromise another account or steal a user's SSH private key.\n\nGogs instances on Windows are not exploitable, and neither is the Docker image.\n\nHowever, those running on Debian and Ubuntu are vulnerable because the env binary supports the \"--split-string\" option.\n\nAccording to Shodan, about 7300 Gogs instances are reachable on the Internet, with almost 60% of them located in China, followed by the USA, Germany, Russia and Hong Kong.\n\nIt is currently unclear how many of these exposed servers are vulnerable to the flaws described above.\n\nSonarSource also has no information so far on whether these issues are being exploited in the wild.\n\nNevertheless, the researchers were quite surprised by the reaction of the project's developers, who never shipped fixes and stopped all communication after receiving the initial report on April 28, 2023.\n\nIn the absence of an update, users are advised to disable the built-in SSH server, disable user registration to prevent mass exploitation, and consider switching to Gitea.\n\nSonarSource has also released a patch which, by their own admission, has not yet been thoroughly tested. But at least that's something.", "creation_timestamp": "2024-07-08T12:33:12.000000Z"}, {"uuid": "2d5d9e73-e736-42e8-ac04-0fff1f023245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39930", "type": "exploited", "source": "https://t.me/thehackernews/5217", "content": "Four unpatched Gogs Git flaws (CVE-2024-39930 to 39933) let attackers breach instances, steal/modify code, or plant backdoors. \n \nRead more: https://thehackernews.com/2024/07/critical-vulnerabilities-disclosed-in.html \n \n~7,300 exposed instances; 60% in China. 
Users urged to disable SSH and registration.", "creation_timestamp": "2024-07-08T09:06:41.000000Z"}, {"uuid": "317f3307-b13f-4d54-b16d-36413b3d92e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39937", "type": "seen", "source": "https://t.me/kasraone_com/709", "content": "\ud83d\udd34CVE \n\n    CVE-2024-39937\n\nLINK NEWS \n\nThis CVE refers to a specific security issue in supOS 5.0 that allows people to access other directories on the system and read their files by calling the API with the parameter fileName=../. 
This security issue can lead to the theft of sensitive information and needs to be updated and fixed to prevent its abuse.\n\napi/image/download?fileName=../ \n\nK1\nkasraone", "creation_timestamp": "2024-07-11T12:03:43.000000Z"}]}