Lucene search
K

28 matches found

OSV
OSV
added 2024/08/20 8:29 p.m.66 views

GO-2023-1596 Gogs OS Command Injection vulnerability in gogs.io/gogs

Gogs OS Command Injection vulnerability in gogs.io/gogs...

9.8CVSS9.7AI score0.97839EPSS
Exploits1References6
Veracode
Veracode
added 2024/07/05 7:20 a.m.13 views

Command Injection

gogs.io/gogs is vulnerable to Command Injection. The vulnerability is caused due to inadequate input validation during the previewing of changes, allowing an attacker to inject arbitrary commands...

9.9CVSS6.9AI score0.1718EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2024/07/05 7:2 a.m.10 views

Command Injection

gogs.io/gogs is vulnerable to Command Injection. The vulnerability is caused by improper input validation or sanitization during the tagging process of a new release. Attackers can exploit this issue by injecting malicious commands or additional arguments into the tagging command, which may be...

7.7CVSS7.3AI score0.00689EPSS
Exploits1References2Affected Software2
Veracode
Veracode
added 2024/07/05 6:39 a.m.29 views

Remote Code Execution (RCE)

gogs.io/gogs is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of command-line arguments within the bundled ssh implementation internal/ssh/ssh.go. An attacker can exploit the vulnerability by sending a malicious --split-string env request through an SSH...

9.9CVSS7.5AI score0.07258EPSS
Exploits3References3Affected Software1
Veracode
Veracode
added 2022/06/09 7:55 a.m.28 views

Path Traversal

gogs.io/gogs is vulnerable to path traversal. The vulnerability exists in Clean function in pathutil.go due to lack of validations which allows a malicious attacker to delete and upload arbitrary files...

9.1CVSS8.8AI score0.02251EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2022/06/09 6:29 a.m.16 views

OS Command Injection

gogs.io/gogs is vulnerable to OS command injection. The vulnerability exists in isRepositoryGitPath function in repoeditor.go because the styles of os.PathSeparator are not checked properly which allows an attacker to inject and execute os commands...

9.8CVSS9.4AI score0.04483EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/06/08 12:0 a.m.38 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in gogs.io/gogs...

5.4CVSS2AI score0.00674EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/06/02 12:0 a.m.11 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in gogs.io/gogs...

2AI score
Exploits0References3Affected Software1
Rows per page
Query Builder