22 matches found
SUSE CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
Improper Authorization
code.gitea.io/gitea is vulnerable to improper authorization. The vulnerability is due to insufficient authorization checks when deleting releases, which allows an attacker to delete releases without proper permissions...
GO-2026-4617 Gogs: Release tag option injection in release deletion in gogs.io/gogs
Gogs: Release tag option injection in release deletion in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please sugge...
CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
Gogs: Release tag option injection in release deletion
Summary There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...
GHSA-V9VM-R24H-6RQM Gogs: Release tag option injection in release deletion
Summary There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...
CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194 Gogs: Release tag option injection in release deletion
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194
Gogs prior to v0.14.2 contains a vulnerability where deleting a release can fail when a user-controlled tag name is passed to git without the proper separator. This allows git options to be injected and can disrupt the process, impacting availability (and to a lesser extent confidentiality/integr...
CVE-2026-26194 Gogs: Release tag option injection in release deletion
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194 Gogs: Release tag option injection in release deletion
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
PT-2026-23485
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, has an issue where deleting a release can fail due to improper handling of user-controlled tag names passed to Git. Specifically, if a tag name begins with a dash, it c...
SUSE CVE-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases...
BIT-GITEA-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases...
GO-2025-4258 Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when deleting releases. Remediation Upgrade code.gitea.io/gitea/services/release to version 1.25.2 or higher. References - Gitea Release - GitHub Commit - GitHub PR - GitHub PR - GitHub Release - Red Hat Bugzilla...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when deleting releases. Remediation Upgrade github.com/go-gitea/gitea/services/release to version 1.25.2 or higher. References - Gitea Release - GitHub Commit - GitHub PR - GitHub PR - GitHub Release - Red Hat...
CVE-2025-68938
CVE-2025-68938 affects Gitea prior to 1.25.2, where the authorization for deleting releases is mishandled. The issue enables an attacker with minimal privileges to delete project releases, potentially leading to loss of assets and distribution history. Public references indicate the fix is in Git...
CVE-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases...