Public Exploits Released for Three Gogs RCE Flaws, CVSS Up to 10
ID: 7c3ef25e-0cc5-5381-af05-2de7c06a5042
STIX ID: report--7c3ef25e-0cc5-5381-af05-2de7c06a5042
Feed Name: securityonline.info
Threat Score
Gogs released version 0.14.3 to patch three critical RCE vulnerabilities (CVSS 9.4–10) that allow unauthenticated or low-privilege users to achieve remote code execution via organization name path traversal, branch/rebase argument injection, and symlink-based file writes; working proofs-of-concept are public, multiple instance types are exposed, and administrators should update immediately and disable open registration as a stopgap.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
