2 matches found
OS Command Injection in file editor in Gogs
Impact: The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled (default) are affected. Patches: File deletions are prohibited to repository...
PT-2022-13488 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: gogs versions prior to 0.12.5 Description: The issue is related to Server-Side Request Forgery (SSRF) in the repository migration functionality of gogs. This allows a malicious user to discover services in the internal network. All installation...