Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-0415: Improper Input Validation in Gogs

Severity: 8.8 HIGH (NVD)
EPSS: 89.6% (top 0.44%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Mar 21
Latest update: Aug 21

Description

Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: gogs/gogs < 0.12.6
Go: gogs.io/gogs < 0.12.6
CVEListV5: gogs/gogs_gogs unspecified 0.12.6

🔴 Vulnerability Details (4)

OSV: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs (2024-08-21)
GHSA: Unrestricted Upload of File with Dangerous Type in Gogs (2022-03-28)
OSV: Unrestricted Upload of File with Dangerous Type in Gogs (2022-03-28)
OSV: CVE-2022-0415: Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0 (2022-03-21)

💥 Exploits & PoCs (1)

Nuclei: Gogs <0.12.6 - Remote Command Execution