logo

Database

Lack of data validation - Path Traversal In gogs.io/gogs

Description

Remote Code Execution in Gogs Gogs <0.13.2 is vulnerable to symbolic link path traversal that enables remote code execution via the editFilePost function of internal/route/repo/editor.go.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-446252. NVD-2024-446253. OSV-2024-446254. GCVE-2024-44625

References

1. https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs2. https://gogs.io3. https://pkg.go.dev/vuln/GO-2024-32754. https://github.com/Fysac/CVE-2024-44625

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.