VYPR
Critical severityNVD Advisory· Published Nov 15, 2024· Updated Nov 15, 2024

Remote Command Execution in gogs/gogs

CVE-2022-1884

Description

A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the tree_path parameter during file uploads. An attacker can set tree_path=.git. to upload a file into the .git directory, allowing them to write or rewrite the .git/config file. If the core.sshCommand is set, this can lead to remote command execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
gogs.io/gogsGo
< 0.12.80.12.8

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.