CVE-2022-2024
published 2023-02-25
CVE-2022-2024: OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
Priority P275 · critical · 9.8 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 97.84% (99.9th percentile)
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gogs.io | gogs | >= 0 < 0.12.11 | 0.12.11 |
| gogs | gogs | < 0.12.11 | 0.12.11 |
| gogs | gogs_gogs | >= unspecified < 0.12.11 | 0.12.11 |
| libarchive | libarchive | >= 0 < 3.4.0-2ubuntu1.3 | 3.4.0-2ubuntu1.3 |
| libarchive | libarchive | >= 0 < 3.6.0-1ubuntu1.2 | 3.6.0-1ubuntu1.2 |
| libarchive | libarchive | >= 0 < 3.7.2-2ubuntu0.2 | 3.7.2-2ubuntu0.2 |
| libarchive | libarchive | >= 0 < 3.1.2-7ubuntu2.8+esm3 | 3.1.2-7ubuntu2.8+esm3 |
| libarchive | libarchive | >= 0 < 3.1.2-11ubuntu0.16.04.8+esm1 | 3.1.2-11ubuntu0.16.04.8+esm1 |
| libarchive | libarchive | >= 0 < 3.2.2-3.1ubuntu0.7+esm1 | 3.2.2-3.1ubuntu0.7+esm1 |
| linux | linux_kernel | >= 0 < 4.15.0-246.258 | 4.15.0-246.258 |
| msrc | microsoft_visual_studio_2022_version_17.4 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.6 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.8 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.9 | — | — |
| msrc | net_7.0 | — | — |
| msrc | net_8.0 | — | — |
| msrc | powershell_7.3 | — | — |
| msrc | powershell_7.4 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |
| vendor_msrc | — | 7.5 | HIGH | — |
OSV · 2026-01-29 · CVSS 5.5 · CVE-2022-48986: linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- NVME drivers;
- File systems infrastructure;
- Timer subsystem;
- Memory management;
- Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195,
CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
OSV · 2024-10-16 · CVSS 9.8 · CVE-2022-36227: libarchive vulnerabilities
It was discovered that libarchive mishandled certain memory checks,
which could result in a NULL pointer dereference. An attacker could
potentially use this issue to cause a denial of service. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-36227)
It was discovered that libarchive mishandled certain memory operations,
which could result in an out-of-bounds memory access. An attacker could
potentially use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-48957, CVE-2024-48958)
OSV · 2024-08-20 · CVE-2022-2024: Gogs OS Command Injection vulnerability in gogs.io/gogs
OSV · 2024-07-10 · CVSS 6.5 · CVE-2022-0001: linux-aws-5.4 vulnerabilities
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Netfilter;
(CVE-2024-26925, CVE-2024-26643)
GHSA · 2023-02-28 · CVE-2022-2024 [CRITICAL] CWE-78: Gogs OS Command Injection vulnerability
### Impact
The malicious user is able to update a crafted `config` file into the repository's `.git` directory, in combination with a crafted file deletion, to gain SSH access to the server on case-insensitive file systems. All installations with [repository upload enabled (default)](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129) on case-insensitive file systems (Windows, macOS, etc.) are affected.
### Patches
Make the sanitization of the upload path to the `.git` directory case-insensitive. Users should upgrade to 0.12.11 or the latest 0.13.0+dev.
### Workarounds
Disable [repository upload](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129).
### References
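The case-insensitive path check that the Patches section describes, written out as an added example (this is not Gogs' own code and does not claim to reproduce it). The hypothetical `isSafeUploadPath` normalises the destination path and rejects it if any component equals `.git` under a case-insensitive comparison; the hypothetical `weakUploadPathCheck` compares case-sensitively and so illustrates why `.GIT` or `.Git` pass on Windows and macOS, where the file system later maps them onto the real `.git` directory. Function names and the sample paths are constructed for this example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// normalise converts backslashes to forward slashes and collapses
// "." and ".." segments. Prepending "/" before path.Clean makes sure
// leading ".." segments cannot escape the repository root.
func normalise(p string) []string {
	cleaned := path.Clean("/" + strings.ReplaceAll(p, "\\", "/"))
	return strings.Split(cleaned, "/")
}

// isSafeUploadPath (hypothetical, added example) returns true only when no
// path component names the .git directory, comparing case-insensitively so
// that ".GIT" or ".Git" are rejected on case-insensitive file systems.
func isSafeUploadPath(p string) bool {
	for _, seg := range normalise(p) {
		if strings.EqualFold(seg, ".git") {
			return false
		}
	}
	return true
}

// weakUploadPathCheck (hypothetical, added example) shows the gap the advisory
// describes: an exact, case-sensitive comparison only catches a lower-case
// ".git" and lets ".GIT/config" through, which on Windows or macOS lands in
// the real .git directory.
func weakUploadPathCheck(p string) bool {
	for _, seg := range normalise(p) {
		if seg == ".git" {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample upload destinations.
	samples := []string{
		"README.md",
		"src/.gitignore",
		".git/config",
		".GIT/config",
		"docs/../.Git/config",
		"sub\\.GIT\\config",
	}
	fmt.Printf("%-24s %-6s %-6s\n", "path", "weak", "fixed")
	for _, s := range samples {
		fmt.Printf("%-24s %-6v %-6v\n", s, weakUploadPathCheck(s), isSafeUploadPath(s))
	}
}
```

Keeping the comparison on each path component (rather than on the whole string) also catches traversal into `.git` from a nested directory and keeps legitimate names such as `.gitignore` or `.git-notes` allowed.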
OSV · 2023-02-28 · CVE-2022-2024 [CRITICAL]: Gogs OS Command Injection vulnerability
Palo Alto (vendor_paloalto) · 2024-09-04 · CVSS 6.0 · CVE-2022-22965 [MEDIUM]: PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
Microsoft (vendor_msrc) · 2024-03-12 · CVSS 7.5 · CVE-2024-21392 [HIGH] CWE-400: .NET and Visual Studio Denial of Service Vulnerability
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; DOS: N/A
Remediation: Release Notes
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.9
Reference: https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes
Reference: https://github.com/PowerShell/Announcements/issues/59
Reference: https://dotnet.microsoft.com/en-us/download/dotnet/7.0
Reference: https://support.microsoft.com/help/5036451
Reference: https://dotnet.microsoft.com/en-us/download/dotnet/8.0
Reference: https://support.microsoft.com/help/5036452
Reference: https://my.visualstudio
Suricata · 2022-08-31 · CVSS 9.8 · CVE-2016-2386 [CRITICAL]: ET EXPLOIT Possible SAP NetWeaver SQL Injection Attempt Inbound (CVE-2016-2386)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible SAP NetWeaver SQL Injection Attempt Inbound (CVE-2016-2386)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/UDDISecurityImplBean"; fast_pattern; http.request_body; content:""; pcre:"/^[^\x3c]{,100}\x27/Ri"; reference:cve,2016-2386; classtype:attempted-admin; sid:2038696; rev:2; metadata:attack_target Server, created_at 2022_08_31, cve CVE_2016_2386, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2024_03_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_P
Suricata · 2022-04-26 · CVSS 7.5 · CVE-2022-21449 [HIGH]: ET EXPLOIT [ConnectWise CRU] Java ECDSA (Psychic) TLS Signature (CVE-2022-21449)
Rule: alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT [ConnectWise CRU] Java ECDSA (Psychic) TLS Signature (CVE-2022-21449)"; flow:established,to_client; tls.certs; content:"|04 03 00 08 30 06 02 01 00 02 01 00|"; tag:session,5,packets; reference:url,github.com/thack1/CVE-2022-21449; reference:cve,2022-21449; classtype:targeted-activity; sid:2036377; rev:3; metadata:created_at 2022_04_26, cve CVE_2022_21449, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_25;)
Suricata · 2022-03-31 · CVSS 9.8 · CVE-2022-22965 [CRITICAL]: ET EXPLOIT Possible SpringCore RCE/Spring4Shell Inbound (CVE-2022-22965)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible SpringCore RCE/Spring4Shell Inbound (CVE-2022-22965)"; flow:established,to_server; http.request_body; content:"pipeline.first.pattern="; fast_pattern; content:"pipeline.first.suffix="; content:"pipeline.first.directory="; content:"pipeline.first.prefix="; classtype:attempted-admin; sid:2035678; rev:3; metadata:attack_target Server, created_at 2022_03_31, cve CVE_2022_22965, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2024_03_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_
No public exploits indexed.
Checkpoint (blogs_checkpoint) · 2022-10-31 · CVE-2022-3723: 31st October – Threat Intelligence Report
## 31st October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 31st October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
US-based communications company Twilio has disclosed a new data breach that occurred in June 2022, allegedly by the same threat actors behind the August hack. The hackers used voice phishing to trick a Twilio employee into handing over their credentials, which the hackers then used to access customer information.
Cu
Checkpoint (blogs_checkpoint) · 2022-10-10 · CVE-2022-41352: 10th October – Threat Intelligence Report
## 10th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 10th October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
CommonSpirit Health, the second-largest nonprofit hospital chain in the U.S. with 140 hospitals and over 1,000 facilities in 21 states, suffered a cybersecurity incident that disrupted medical services across the country. Facilities in Iowa, Nebraska, Tennessee and Washington were among those affected. The nature of the at
Checkpoint (blogs_checkpoint) · 2021-06-28 · CVE-2021-21998: 28th June – Threat Intelligence Report
## 28th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th June, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Russian-based threat group Nobelium is using password spraying and brute force attacks to gain access to corporate networks. The group, which was behind the SolarWinds supply-chain attack, deployed an information-stealing Trojan on a Microsoft customer support agent’s computer to steal information. Over half of the targets were