High severityNVD Advisory· Published Jul 4, 2024· Updated Aug 2, 2024
CVE-2024-39933
CVE-2024-39933
Description
Gogs through 0.13.0 allows argument injection during the tagging of a new release.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogs.io/gogsGo | < 0.13.1 | 0.13.1 |
Affected products
2Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-m27m-h5gj-wwmgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-39933ghsaADVISORY
- github.com/gogs/gogs/commit/76831d0d06c44c5cf46dc22b380440b7507c2f07ghsaWEB
- github.com/gogs/gogs/pull/7872ghsaWEB
- github.com/gogs/gogs/security/advisories/GHSA-m27m-h5gj-wwmgghsaWEB
- www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1ghsaWEB
- github.com/gogs/gogs/releasesmitre
- www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/mitre
News mentions
3- Gogs patches critical zero-day enabling remote code executionBleepingComputer · Jun 8, 2026
- New Gogs zero-day flaw lets hackers get remote code executionBleepingComputer · May 28, 2026
- CVE-2026-52806: Authenticated RCE via Argument Injection in Gogs (FIXED as of June 7, 2026)Rapid7 Blog · May 28, 2026