We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
Reserved 2024-11-29 | Published 2024-12-23 | Updated 2024-12-24 | Assigner GitHub_MCWE-61: UNIX Symbolic Link (Symlink) Following
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
github.com/gogs/gogs/security/advisories/GHSA-r7j8-5h9c-f6fx
github.com/gogs/gogs/issues/7582
github.com/gogs/gogs/pull/7857
github.com/...ommit/c94baec9ca923f38c19f0c7c5af722b9ec04022a
Support options