Lucene search
GoogleOSV:GHSA-6VCC-V9VW-G2X5HistoryJun 08, 2022 - 10:34 p.m.
Path Traversal in Git HTTP endpoints in Gogs
2022-06-0822:34:23
Google
osv.dev
16
0.028 Low
EPSS
Percentile
90.7%
Impact
The malicious user is able to craft HTTP requests to access unauthorized Git directories. All installations with are affected.
Patches
Path cleaning has accommodated for Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.
Workarounds
N/A
References
https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d/
For more information
If you have any questions or comments about this advisory, please post on #7002.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gogs.io/gogs | lt | 0.12.9 |
Related
prion
prion
Path traversal
2022-06-09 17:15:00
veracode
veracode
Path Traversal
2022-06-09 05:34:00
osv
osv
CVE-2022-1993
2022-06-09 17:15:08
huntr
huntr
Path Traversal vulnerability on the endpoint '/info/refs'
2022-06-02 23:28:03
alpinelinux
alpinelinux
CVE-2022-1993
2022-06-09 17:15:00
nvd
nvd
CVE-2022-1993
2022-06-09 17:15:08
github
github
Path Traversal in Git HTTP endpoints in Gogs
2022-06-08 22:34:23
cve
cve
CVE-2022-1993
2022-06-09 17:15:08
cvelist
cvelist
CVE-2022-1993 Path Traversal in gogs/gogs
2022-06-08 13:55:11
gitlab
gitlab
Path Traversal in Git HTTP endpoints in Gogs
2022-06-08 00:00:00
openvas
openvas
Gogs < 0.12.9 Multiple Vulnerabilities
2022-06-10 00:00:00