18 matches found
CVE-2022-1993
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9...
CVE-2022-1884 Remote Command Execution in gogs/gogs
A remote command execution vulnerability exists in gogs/gogs versions =0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...
OS Command Injection
github.com/gogs/gogs is vulnerable to OS Command Injection. The vulnerability exists because the isRepositoryGitPath function of repoeditor.go does not properly check the git path on case-insensitive file systems, which allows an attacker to upload malicious file configs into the system...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...
CVE-2022-2024
Vulnerability summary (CVE-2022-2024): Gogs (gogs/gogs) versions prior to 0.12.11 are affected by an OS Command Injection in the repository file upload path. The issue arises when a crafted config file is placed into a repository’s .git directory during uploads, enabling remote command execution...
CVE-2022-2024 OS Command Injection in gogs/gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...
CVE-2022-1993
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9...
CVE-2022-1986 OS Command Injection in gogs/gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9...
CVE-2022-1285 Server-Side Request Forgery (SSRF) in gogs/gogs
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8...
CVE-2022-1285 Server-Side Request Forgery (SSRF) in gogs/gogs
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8...
CVE-2022-1285
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when they open the attachment the XSS is executed. This bug allows execution of any JavaScript code in the victim's account...
CVE-2022-0415
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...
CVE-2022-0415 Remote Command Execution in uploading repository file in gogs/gogs
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6...
CVE-2022-0415
Gogs (Go Git Service) before version 0.12.6 is vulnerable to Remote Command Execution via uploading a repository file. The issue allows an attacker to execute arbitrary commands on the server through the repository upload process in gogs/gogs, potentially leading to full system compromise. The fi...
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5...
CVE-2022-0870
Gogs (gogs/gogs) prior to version 0.12.5 is affected by a Server-Side Request Forgery (SSRF) vulnerability in the repository migration logic. The issue enables an attacker to trigger SSRF via the affected migration pathway, with reachable impact limited to information exposure or unauthorized int...
CVE-2022-0871
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5...