Gogs vulnerability allows argument injection during change preview
CVE-2024-39932

9.9CRITICAL

Key Information:

Vendor: Gogs
Status: Gogs
Vendor: CVE Published:; 4 July 2024

What is CVE-2024-39932?

The Gogs software version 0.13.0 is vulnerable to an argument injection issue during the process of previewing changes. This vulnerability allows an attacker to manipulate input arguments, leading to potential unintended command execution or exposure of sensitive information. Users are advised to review their application configurations and update to the latest versions to mitigate associated risks.

References

https://github.com/gogs/gogs/releases

https://www.sonarsource.com/blog/securing-developer-tools...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 4, 2024
Vulnerability Reserved
Jul 4, 2024