CVE-2024-39931Files or Directories Accessible to External Parties in Gogs

CWE-552Files or Directories Accessible to External Parties8 documents3 sources
Severity
9.9CRITICALNVD
NVD9.8
EPSS
7.2%
top 8.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GogsGogs.io GogsGithub.com Gogs Gogs
Timeline
PublishedJul 4
Latest updateJun 24

Description

Gogs through 0.13.0 allows deletion of internal files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages4 packages

CVEListV5gogs/gogs< 0.14.0+dev+2
NVDgogs/gogs< 0.13.3+1
Gogogs.io/gogs< 0.13.1+1

🔴Vulnerability Details

6
OSV
Gogs allows deletion of internal files which leads to remote command execution2025-06-24
GHSA
Gogs allows deletion of internal files which leads to remote command execution2025-06-24
OSV
Gogs allows deletion of internal files2024-12-23
GHSA
Gogs allows deletion of internal files2024-12-23
OSV
Gogs allows deletion of internal files in github.com/gogs/gogs2024-07-09