Gogs 0.13.0 Release Candidate 1

CPE Details

Gogs 0.13.0 Release Candidate 1
gogs
gogs
0.13.0
2024-12-23
16h50 +00:00
2024-12-23
16h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gogs:gogs:0.13.0:rc1:*:*:*:*:*:*

Informations

Vendor

gogs

Product

gogs

Version

0.13.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-55947 2024-12-23 15h26 +00:00 Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
8.7
High
CVE-2024-54148 2024-12-23 15h22 +00:00 Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
8.7
High
CVE-2024-44625 2024-11-14 23h00 +00:00 Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
8.8
High
CVE-2024-39930 2024-07-03 22h00 +00:00 The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
9.9
Critical
CVE-2024-39931 2024-07-03 22h00 +00:00 Gogs through 0.13.0 allows deletion of internal files.
9.9
Critical
CVE-2024-39932 2024-07-03 22h00 +00:00 Gogs through 0.13.0 allows argument injection during the previewing of changes.
9.9
Critical
CVE-2024-39933 2024-07-03 22h00 +00:00 Gogs through 0.13.0 allows argument injection during the tagging of a new release.
7.7
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.