4 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the UpdateRepoFile function. An attacker can execute arbitrary system commands by updating files within the .git directory remotely via API router. This vulnerability is a bypass for the one addressed in...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the UpdateRepoFile function. An attacker can execute arbitrary system commands by updating files within the .git directory remotely via API router. This vulnerability is a bypass for the one addressed in...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the UpdateRepoFile function. An attacker can execute arbitrary system commands by updating files within the .git directory remotely via API router. This vulnerability is a bypass for the one addressed in...
OS Command Injection
github.com/gogs/gogs is vulnerable to OS command injection. The vulnerability exists only in windows when the repository upload is enabled, allowing an attacker to upload maliciously crafted config file to the UpdateRepoFile function of repoeditor.go and gain SSH access to the server...