Lucene search

GitHub Advisory DatabaseGHSA-958J-443G-7MM7

HistoryJun 02, 2022 - 8:50 p.m.

OS Command Injection in gogs

2022-06-0220:50:21

CWE-78

GitHub Advisory Database

github.com

os command injection

gogs

ssh access

windows installations

repository upload

JSON

Impact

The malicious user is able to upload a crafted config file into repository’s .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled (default) are affected.

Patches

Repository file uploads are prohibited to its .git directory. Users should upgrade to 0.12.8 or the latest 0.13.0+dev.

Workarounds

Disable repository files upload.

References

https://www.huntr.dev/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b/

For more information

If you have any questions or comments about this advisory, please post on #6968.

Affected configurations

Vulners

Node

gogs.iogogsRange<0.12.8

VendorProductVersionCPE
gogs.iogogs*cpe:2.3:a:gogs.io:gogs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gogs.io	gogs	*	cpe:2.3:a:gogs.io:gogs::::::::

References

github.com/advisories/GHSA-958j-443g-7mm7

github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129

github.com/gogs/gogs/issues/6968

github.com/gogs/gogs/pull/6970

github.com/gogs/gogs/releases/tag/v0.12.8

github.com/gogs/gogs/security/advisories/GHSA-958j-443g-7mm7

www.huntr.dev/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b/

JSON

Related for GHSA-958J-443G-7MM7