Lucene search
Veracode Vulnerability DatabaseVERACODE:39481HistoryMar 02, 2023 - 2:46 a.m.
OS Command Injection
2023-03-0202:46:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
os command injection
github.com/gogs/gogs
isrepositorygitpath
repo_editor.go
case-insensitive file systems
malicious file configs
0.002 Low
EPSS
Percentile
55.1%
github.com/gogs/gogs is vulnerable to OS Command Injection. The vulnerability exists because the isRepositoryGitPath function of repo_editor.go does not properly check the git path on case-insensitive file systems, which allows an attacker to upload malicious file configs into the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/gogs/gogs | le | v0.12.10 | |
| github.com/gogs/gogs | le | v0.12.10 |
References
github.com/advisories/GHSA-pfvh-p8qp-9ww9
github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41
github.com/gogs/gogs/commit/b1576d5a1fc7ee63ed43c71fbb6da424484d3800
github.com/gogs/gogs/pull/7359
huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97
huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97/
Related
cvelist
cvelist
CVE-2022-2024 OS Command Injection in gogs/gogs
2023-02-25 00:00:00
osv
osv
Gogs OS Command Injection vulnerability
2023-02-28 20:12:11
CVE-2022-2024
2023-02-25 08:15:09
cve
cve
CVE-2022-2024
2023-02-25 08:15:09
nvd
nvd
CVE-2022-2024
2023-02-25 08:15:09
gitlab
gitlab
prion
prion
Command injection
2023-02-25 08:15:00
github
github
Gogs OS Command Injection vulnerability
2023-02-28 20:12:11
huntr
huntr
Bypass to Remote Command Execution in uploading repository file
2022-06-06 16:09:01