Gogs has arbitrary file read/write via Path Traversal in Git hook editing

Vulnerability Description In the endpoint: /username/reponame/settings/hooks/git/:name the :name parameter: Is URL-decoded by macaron routing, allowing decoded slashes / Is then passed directly to: go git.Repository.Hook"customhooks", name which internally resolves the path as: go...

Gogs 路径遍历漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions prior to 0.13.3 have a path traversal vulnerability; this...