
4 matches found

Nuclei
added yesterday · 60 views

Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

8.8 CVSS · 7.7 AI score · 0.75675 EPSS
Exploits 17 · References 4
OSV
added 2026/02/17 6:9 p.m. · 2 views

GO-2026-4454 Gogs vulnerable to Stored XSS via Mermaid diagrams in gogs.io/gogs

Gogs vulnerable to Stored XSS via Mermaid diagrams in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest a...

5.5 AI score
Exploits 0 · References 4
Positive Technologies
added 2023/04/20 12:0 a.m. · 1 views

PT-2023-9257 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: Gogs versions 0.13.0 and earlier

Description: The issue allows an attacker to delete or modify arbitrary files on a vulnerable Gogs server. This can be exploited by a remote attacker. Unprivileged user accounts can execute arbitrary commands ...

9.9 CVSS · 7.1 AI score · 0.07233 EPSS
Exploits 0 · References 32
Packet Storm
added 2014/11/14 12:0 a.m. · 118 views

Gogs Repository Search SQL Injection

Unauthenticated SQL Injection in Gogs repository search

Researcher: Timo Schmid

Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go. (taken from [1]) I...

7.5 CVSS · 0.76891 EPSS
Exploits 5