Gogs Gogs vulnerabilities
10 known vulnerabilities affecting gogs/gogs_gogs.
Total CVEs: 10
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 2, MEDIUM 3
Vulnerabilities
CVE-2022-1884 | CRITICAL | CVSS 9.8 | CWE-78 | ≥ unspecified, ≤ latest | 2024-11-15
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file
nvd
CVE-2022-2024 | CRITICAL | CVSS 9.8 | CWE-78 | ≥ unspecified, < 0.12.11 | 2023-02-25
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
nvd
CVE-2022-1992 | CRITICAL | CVSS 9.1 | CWE-22 | ≥ unspecified, < 0.12.9 | 2022-06-09
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
nvd
CVE-2022-1986 | CRITICAL | CVSS 9.8 | CWE-78 | ≥ unspecified, < 0.12.9 | 2022-06-09
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
nvd
CVE-2022-1993 | HIGH | CVSS 8.1 | CWE-22 | ≥ unspecified, < 0.12.9 | 2022-06-09
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
nvd
CVE-2022-1285 | MEDIUM | CVSS 6.5 | CWE-918 | ≥ unspecified, < 0.12.8 | 2022-06-01
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.
nvd
CVE-2022-1464 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 0.12.7 | 2022-05-05
Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when they open the attachment the XSS is executed. This bug allows any JavaScript code to be executed in the victim's account.
nvd
CVE-2022-0415 | HIGH | CVSS 8.8 | PoC | CWE-20 | ≥ unspecified, < 0.12.6 | 2022-03-21
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
nvd
CVE-2022-0871 | CRITICAL | CVSS 9.1 | CWE-862 | ≥ unspecified, < 0.12.5 | 2022-03-11
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.
nvd
CVE-2022-0870 | MEDIUM | CVSS 5.3 | PoC | CWE-918 | ≥ unspecified, < 0.12.5 | 2022-03-11
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
nvd