Critical severity9.8NVD Advisory· Published Dec 23, 2024· Updated Jun 17, 2026
CVE-2024-54148
CVE-2024-54148
Description
Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gogs.io/gogsGo | < 0.13.1 | 0.13.1 |
Affected products
5- ghsa-coords4 versionspkg:golang/gogs.io/gogspkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 0.13.1+ 3 more
- (no CPE)range: < 0.13.1
- (no CPE)range: < 0.0.20250108T191942-150000.1.26.1
- (no CPE)range: < 0.0.20250108T191942-1.1
- (no CPE)range: < 0.0.20250108T191942-150000.1.26.1
Patches
Vulnerability mechanics
References
6- github.com/gogs/gogs/commit/c94baec9ca923f38c19f0c7c5af722b9ec04022anvdPatchWEB
- github.com/gogs/gogs/pull/7857nvdPatchWEB
- github.com/gogs/gogs/security/advisories/GHSA-r7j8-5h9c-f6fxnvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-r7j8-5h9c-f6fxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-54148ghsaADVISORY
- github.com/gogs/gogs/issues/7582nvdIssue TrackingWEB
News mentions
0No linked articles in our index yet.