Lucene search
+L

6 matches found

OSV
OSV
added 2026/06/23 5:12 p.m.5 views

GHSA-XP79-5MX3-JX52 Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-3615

Malicious code in bioql PyPI...

9.9CVSS6.5AI score0.07258EPSS
Exploits3References6
RedhatCVE
RedhatCVE
added 2025/02/04 11:15 p.m.5 views

CVE-2024-39930

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...

9.9CVSS9.8AI score0.07258EPSS
Exploits3References1
OSV
OSV
added 2024/12/23 8:38 p.m.9 views

GHSA-VM62-9JW3-C8W3 Gogs has an argument Injection in the built-in SSH server

Impact When the built-in SSH server is enabled server STARTSSHSERVER = true, unprivileged user accounts with at least one SSH key can execute arbitrary commands on the Gogs instance with the privileges of the user specified by RUNUSER in the configuration. It allows attackers to access and alter...

9.9CVSS9.8AI score0.07258EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2024/07/04 12:0 a.m.19 views

CVE-2024-39930

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...

9.9CVSS8.1AI score0.07258EPSS
Exploits3References3
OSV
OSV
added 2024/07/04 12:0 a.m.9 views

CVE-2024-39930

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...

9.9CVSS7.7AI score0.07258EPSS
Exploits3References5
Rows per page
Query Builder