cvebase

Gogs Gogs vulnerabilities

9 known vulnerabilities affecting gogs/gogs_gogs.

Total CVEs: 9
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2022-0415 | P2 | HIGH | CVSS 8.8 | PoC | ≥ unspecified, < 0.12.6 | 2022-03-21
CVE-2022-0415 [HIGH] CWE-20: Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
nvd
CVE-2022-2024 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 0.12.11 | 2023-02-25
CVE-2022-2024 [CRITICAL] CWE-78: OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
nvd
CVE-2022-1993 | P2 | HIGH | CVSS 8.1 | ≥ unspecified, < 0.12.9 | 2022-06-09
CVE-2022-1993 [HIGH] CWE-22: Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
nvd
CVE-2022-1884 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ latest | 2024-11-15
CVE-2022-1884 [CRITICAL] CWE-78: A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file
nvd
CVE-2022-1986 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 0.12.9 | 2022-06-09
CVE-2022-1986 [CRITICAL] CWE-78: OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
nvd
CVE-2022-0870 | P3 | MEDIUM | CVSS 5.3 | PoC | ≥ unspecified, < 0.12.5 | 2022-03-11
CVE-2022-0870 [MEDIUM] CWE-918: Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
nvd
CVE-2022-0871 | P3 | CRITICAL | CVSS 9.1 | ≥ unspecified, < 0.12.5 | 2022-03-11
CVE-2022-0871 [CRITICAL] CWE-862: Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.
nvd
CVE-2022-1992 | P3 | CRITICAL | CVSS 9.1 | ≥ unspecified, < 0.12.9 | 2022-06-09
CVE-2022-1992 [CRITICAL] CWE-22: Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
nvd
CVE-2022-1464 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 0.12.7 | 2022-05-05
CVE-2022-1464 [MEDIUM] CWE-79: Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when they open the attachment the XSS is executed. This bug allows any JavaScript code to be executed in the victim's account.
nvd