logo

Database

OS Command Injection In gogs.io/gogs

Description

OS Command Injection in file editor in Gogs

Impact

The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled (default) are affected.

Patches

File deletions are prohibited to repository's .git directory. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.

Workarounds

N/A

References

https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930/

For more information

If you have any questions or comments about this advisory, please post on #7000.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-19862. NVD-2022-19863. OSV-2022-19864. GHSA-67mx-jc2f-jgjm5. GCVE-2022-1986

References

1. https://github.com/gogs/gogs/security/advisories/GHSA-67mx-jc2f-jgjm2. https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a823. https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L1294. https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.