High severityNVD Advisory· Published Nov 15, 2024· Updated Nov 20, 2024
CVE-2024-44625
CVE-2024-44625
Description
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogs.io/gogsGo | < 0.13.2 | 0.13.2 |
Affected products
3- ghsa-coords2 versions
< 0.13.2+ 1 more
- (no CPE)range: < 0.13.2
- (no CPE)range: < 0.0.20241119T173509-1.1
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-phm4-wf3h-pc3rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-44625ghsaADVISORY
- fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogsghsaWEB
- gogs.ioghsaWEB
- pkg.go.dev/vuln/GO-2024-3275ghsaWEB
- fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/mitre
- gogs.iomitre
News mentions
0No linked articles in our index yet.