Lucene search
GoogleOSV:CVE-2021-32546HistoryJun 02, 2022 - 2:15 p.m.
CVE-2021-32546
2022-06-0214:15:28
Google
osv.dev
3
Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "" as its name, and then rename this file to .git/config with the custom configuration content (and then save it).
Related
cvelist
cvelist
CVE-2021-32546
2022-05-31 21:21:18
alpinelinux
alpinelinux
CVE-2021-32546
2022-06-02 14:15:00
github
github
OS Command Injection in gogs
2022-06-02 20:52:23
nvd
nvd
CVE-2021-32546
2022-06-02 14:15:28
openvas
openvas
Gogs < 0.12.8 RCE Vulnerability
2022-06-03 00:00:00
cve
cve
CVE-2021-32546
2022-06-02 14:15:28
prion
prion
Input validation
2022-06-02 14:15:00
veracode
veracode
Remote Code Execution (RCE)
2022-06-03 05:47:11
gitlab
gitlab
OS Command Injection in gogs
2022-06-02 00:00:00
osv
osv
OS Command Injection in gogs
2022-06-02 20:52:23