High severity · NVD Advisory · Published Dec 23, 2024 · Updated Dec 24, 2024
Gogs has a Path Traversal in file update API
CVE-2024-55947
Description
Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| gogs.io/gogs (Go) | < 0.13.1 | 0.13.1 |
Affected products (5)
- ghsa-coords (4 versions), range: < 0.13.1 + 3 more
  - pkg:golang/gogs.io/gogs
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
- (no CPE) range: < 0.13.1
- (no CPE) range: < 0.0.20250108T191942-150000.1.26.1
- (no CPE) range: < 0.0.20250108T191942-1.1
- (no CPE) range: < 0.0.20250108T191942-150000.1.26.1
References (6)
- github.com/advisories/GHSA-qf5v-rp47-55gg (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-55947 (ghsa; ADVISORY)
- github.com/gogs/gogs/commit/9a9388ace25bd646f5098cb9193d983332c34e41 (ghsa; x_refsource_MISC, WEB)
- github.com/gogs/gogs/issues/7582 (ghsa; x_refsource_MISC, WEB)
- github.com/gogs/gogs/pull/7859 (ghsa; x_refsource_MISC, WEB)
- github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg (ghsa; x_refsource_CONFIRM, WEB)