Remote Command Execution Vulnerability in Gogs Git Service
CVE-2024-56731

10 CRITICAL

Key Information:

Vendor: Gogs

Status
Vendor
CVE Published: 24 June 2025

What is CVE-2024-56731?

Gogs, an open source self-hosted Git service, has a critical vulnerability in versions prior to 0.13.3 that allows unprivileged users to execute arbitrary commands. The weakness arises from an insufficiently addressed issue related to file deletions in the .git directory, reminiscent of a prior vulnerability. As a result, attackers can manipulate the code of all users hosted on the affected Gogs instance. The flaw is resolved in Gogs version 0.13.3, and users are strongly advised to upgrade.

Affected Version(s)

gogs < 0.13.3

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
