7 matches found
EUVD-2024-3608
Malicious code in bioql PyPI...
GO-2024-3356 Path Traversal in file update API in gogs in gogs.io/gogs
Path Traversal in file update API in gogs in gogs.io/gogs...
GHSA-QF5V-RP47-55GG Path Traversal in file update API in gogs
Impact The malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. Patches Writing files outside repository Git directory has been prohibited via the repository file update API https://github.com/gogs/gogs/pull/7859. Users should upgrade to 0.13...
Path Traversal in file update API in gogs
Impact The malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. Patches Writing files outside repository Git directory has been prohibited via the repository file update API https://github.com/gogs/gogs/pull/7859. Users should upgrade to 0.13...
CVE-2024-55947 Gogs has a Path Traversal in file update API
Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1...
CVE-2024-55947
Gogs self-hosted Git service affected up to version 0.13.3. CVE-2024-55947 enables path traversal via the PutContents API, allowing writing files to arbitrary server paths and potentially SSH access. The issue is fixed in 0.13.1; later advisories (CNAs) discuss bypass attempts and continued scrut...
CVE-2024-55947 Gogs has a Path Traversal in file update API
Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1...