CVE-2024-44625
Published 2024-11-15
CVE-2024-44625: Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
Priority: P261 | Severity: high | CVSS 3.1: 8.8
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 14.95% (96.3th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gogs.io | gogs | >= 0 < 0.13.2 | 0.13.2 |
| gogs | gogs | <= 0.13.0 | — |
OSV
Unpatched Remote Code Execution in Gogs in gogs.io/gogs
osv·2024-11-19
CVE-2024-44625 Unpatched Remote Code Execution in Gogs in gogs.io/gogs
OSV
Remote Code Execution in Gogs
osv·2024-11-15
CVE-2024-44625 [HIGH] Remote Code Execution in Gogs
Gogs <0.13.2 is vulnerable to symbolic link path traversal that enables remote code execution via the editFilePost function of internal/route/repo/editor.go.
GHSA
Remote Code Execution in Gogs
ghsa·2024-11-15
CVE-2024-44625 [HIGH] CWE-22 Remote Code Execution in Gogs
Gogs <0.13.2 is vulnerable to symbolic link path traversal that enables remote code execution via the editFilePost function of internal/route/repo/editor.go.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-15
Published