22 matches found
SUSE CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
Improper Authorization
code.gitea.io/gitea is vulnerable to improper authorization. The vulnerability is due to insufficient authorization checks when deleting releases, which allows an attacker to delete releases without proper permissions...
GO-2026-4617 Gogs: Release tag option injection in release deletion in gogs.io/gogs
Gogs: Release tag option injection in release deletion in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please sugge...
CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
Gogs: Release tag option injection in release deletion
Summary There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...
GHSA-V9VM-R24H-6RQM Gogs: Release tag option injection in release deletion
Summary There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...
CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194 Gogs: Release tag option injection in release deletion
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194 Gogs: Release tag option injection in release deletion
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194
Gogs prior to v0.14.2 contains a vulnerability where deleting a release can fail when a user-controlled tag name is passed to git without the proper separator. This allows git options to be injected and can disrupt the process, impacting availability (and to a lesser extent confidentiality/integr...
CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194 Gogs: Release tag option injection in release deletion
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
PT-2026-23485
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, has an issue where deleting a release can fail due to improper handling of user-controlled tag names passed to Git. Specifically, if a tag name begins with a dash, it c...
SUSE CVE-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases...
BIT-GITEA-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases...
GO-2025-4258 Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when deleting releases. Remediation Upgrade code.gitea.io/gitea/services/release to version 1.25.2 or higher. References - Gitea Release - GitHub Commit - GitHub PR - GitHub PR - GitHub Release - Red Hat Bugzilla...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when deleting releases. Remediation Upgrade github.com/go-gitea/gitea/services/release to version 1.25.2 or higher. References - Gitea Release - GitHub Commit - GitHub PR - GitHub PR - GitHub Release - Red Hat...
CVE-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases...
EUVD-2025-205406
Gitea before 1.25.2 mishandles authorization for deletion of releases...