28 matches found
GO-2023-1596 Gogs OS Command Injection vulnerability in gogs.io/gogs
Gogs OS Command Injection vulnerability in gogs.io/gogs...
Command Injection
gogs.io/gogs is vulnerable to Command Injection. The vulnerability is caused due to inadequate input validation during the previewing of changes, allowing an attacker to inject arbitrary commands...
Command Injection
gogs.io/gogs is vulnerable to Command Injection. The vulnerability is caused by improper input validation or sanitization during the tagging process of a new release. Attackers can exploit this issue by injecting malicious commands or additional arguments into the tagging command, which may be...
Remote Code Execution (RCE)
gogs.io/gogs is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of command-line arguments within the bundled ssh implementation internal/ssh/ssh.go. An attacker can exploit the vulnerability by sending a malicious --split-string env request through an SSH...
Path Traversal
gogs.io/gogs is vulnerable to path traversal. The vulnerability exists in Clean function in pathutil.go due to lack of validations which allows a malicious attacker to delete and upload arbitrary files...
OS Command Injection
gogs.io/gogs is vulnerable to OS command injection. The vulnerability exists in isRepositoryGitPath function in repoeditor.go because the styles of os.PathSeparator are not checked properly which allows an attacker to inject and execute os commands...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in gogs.io/gogs...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in gogs.io/gogs...