CVE-2022-2024
published 2023-02-25

CVE-2022-2024: OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.

Priority: P275 critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 97.84% (99.9th percentile)

Affected

18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gogs.io | gogs | >= 0 < 0.12.11 | 0.12.11 |
| gogs | gogs | < 0.12.11 | 0.12.11 |
| gogs | gogs_gogs | >= unspecified < 0.12.11 | 0.12.11 |
| libarchive | libarchive | >= 0 < 3.4.0-2ubuntu1.3 | 3.4.0-2ubuntu1.3 |
| libarchive | libarchive | >= 0 < 3.6.0-1ubuntu1.2 | 3.6.0-1ubuntu1.2 |
| libarchive | libarchive | >= 0 < 3.7.2-2ubuntu0.2 | 3.7.2-2ubuntu0.2 |
| libarchive | libarchive | >= 0 < 3.1.2-7ubuntu2.8+esm3 | 3.1.2-7ubuntu2.8+esm3 |
| libarchive | libarchive | >= 0 < 3.1.2-11ubuntu0.16.04.8+esm1 | 3.1.2-11ubuntu0.16.04.8+esm1 |
| libarchive | libarchive | >= 0 < 3.2.2-3.1ubuntu0.7+esm1 | 3.2.2-3.1ubuntu0.7+esm1 |
| linux | linux_kernel | >= 0 < 4.15.0-246.258 | 4.15.0-246.258 |
| msrc | microsoft_visual_studio_2022_version_17.4 | | |
| msrc | microsoft_visual_studio_2022_version_17.6 | | |
| msrc | microsoft_visual_studio_2022_version_17.8 | | |
| msrc | microsoft_visual_studio_2022_version_17.9 | | |
| msrc | net_7.0 | | |
| msrc | net_8.0 | | |
| msrc | powershell_7.3 | | |
| msrc | powershell_7.4 | | |

CVSS provenance

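| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | | 9.8 | CRITICAL | |
| vendor_msrc | | 7.5 | HIGH | |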