Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-DBA486BAC618CBA7CCC7E9BE0DC26023HistoryJun 08, 2022 - 12:00 a.m.
Path Traversal in Git HTTP endpoints in Gogs
2022-06-0800:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
37
0.028 Low
EPSS
Percentile
90.7%
Impact
The malicious user is able to craft HTTP requests to access unauthorized Git directories. All installations with are affected.
Patches
Path cleaning has accommodated for Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.
Workarounds
N/A
References
https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d/
For more information
If you have any questions or comments about this advisory, please post on #7002.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/gogs.io/gogs | lt | 0.12.9 |
Related
prion
prion
Path traversal
2022-06-09 17:15:00
alpinelinux
alpinelinux
CVE-2022-1993
2022-06-09 17:15:00
osv
osv
Path Traversal in Git HTTP endpoints in Gogs
2022-06-08 22:34:23
CVE-2022-1993
2022-06-09 17:15:08
nvd
nvd
CVE-2022-1993
2022-06-09 17:15:08
github
github
Path Traversal in Git HTTP endpoints in Gogs
2022-06-08 22:34:23
veracode
veracode
Path Traversal
2022-06-09 05:34:00
huntr
huntr
Path Traversal vulnerability on the endpoint '/info/refs'
2022-06-02 23:28:03
cve
cve
CVE-2022-1993
2022-06-09 17:15:08
cvelist
cvelist
CVE-2022-1993 Path Traversal in gogs/gogs
2022-06-08 13:55:11
openvas
openvas
Gogs < 0.12.9 Multiple Vulnerabilities
2022-06-10 00:00:00