FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gogs -- Multiple vulnerabilities

Affected packages
gogs < 0.13.0

Details

VuXML ID: 0230343c-1908-11f0-accc-b42e991fc52e
Discovery: 2024-11-15
Entry: 2025-04-14

cve@mitre.org reports:

CVE-2024-44625: Directory Traversal via the editFilePost function of internal/route/repo/editor.go.

CVE-2024-39933: Gogs allows argument injection during the tagging of a new release.

CVE-2024-39932: Gogs allows argument injection during the previewing of changes.

CVE-2024-39931: Gogs allows deletion of internal files.

CVE-2024-39930: The built-in SSH server of Gogs allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated.

References

CVE Name: CVE-2024-39930
CVE Name: CVE-2024-39931
CVE Name: CVE-2024-39932
CVE Name: CVE-2024-39933
CVE Name: CVE-2024-44625
URL: https://nvd.nist.gov/vuln/detail/CVE-2024-39930
URL: https://nvd.nist.gov/vuln/detail/CVE-2024-39931
URL: https://nvd.nist.gov/vuln/detail/CVE-2024-39932
URL: https://nvd.nist.gov/vuln/detail/CVE-2024-39933
URL: https://nvd.nist.gov/vuln/detail/CVE-2024-44625