Lucene search

GoogleOSV:CVE-2022-2024

HistoryFeb 25, 2023 - 8:15 a.m.

CVE-2022-2024

2023-02-2508:15:09

Google

osv.dev

command injection

github

gogs

software

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.

CPENameOperatorVersion
gogseq0.2.0
gogseq0.9.141
gogseq0.9.13
gogseq0.7.22
gogseq0.11.29
gogseq0.9.113
gogseq0.9.46
gogseq0.9.0
gogseq0.9.71
gogseq0.6.3

Name	Operator	Version
gogs	eq	0.2.0
gogs	eq	0.9.141
gogs	eq	0.9.13
gogs	eq	0.7.22
gogs	eq	0.11.29
gogs	eq	0.9.113
gogs	eq	0.9.46
gogs	eq	0.9.0
gogs	eq	0.9.71
gogs	eq	0.6.3

Rows per page:

1-10 of 561

References

github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41

huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for OSV:CVE-2022-2024