github.com/gogs/gogs is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the ability to forge a session-file
in file.go
, allowing unauthenticated users to obtain an admin session, and subsequently allowing remote code to be injected.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/gogs/gogs | eq | HEAD | |
github.com/gogs/gogs | le | 0.11.66 |