OS Command Injection in file editor in Gogs
Description
Published to the GitHub Advisory Database
Jun 8, 2022
Reviewed
Jun 8, 2022
Published by the National Vulnerability Database
Jun 9, 2022
Last updated
Jan 27, 2023
Impact
The malicious user is able to update a crafted
config
file into repository's.git
directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled (default) are affected.Patches
File deletions are prohibited to repository's
.git
directory. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.Workarounds
N/A
References
https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930/
For more information
If you have any questions or comments about this advisory, please post on #7000.
References