GoYou Cybersecurity (EN)
Critical RCE Vulnerability in Gogs: Remote Code Execution via Malicious Pull Requests
Descripción
A critical argument injection vulnerability in Gogs, a popular open-source self-hosted Git service, allows authenticated users to achieve remote code execution (RCE) on the server. The exploit involves creating a pull request with a malicious branch name that injects the --exec flag into git rebase during the merge operation. This vulnerability, scored as CVSSv4 9.4 (Critical), enables attackers to compromise the server, read every repository, dump credentials, pivot to other systems, and modify hosted repository code. The vulnerability affects Gogs versions 0.14.2 and 0.15.0+dev, with no patch available at the time of publication. Leggi su GoYou [https://www.goyou.it/en/cybersecurity/2026/05/29/critical-rce-vulnerability-in-gogs-remote-code-execution-via-malicious-pull.html]
Empieza 7 días de prueba
$99 / mes después de la prueba. · Cancela cuando quieras.
- Podcasts solo en Podimo
- 20 horas de audiolibros al mes
- Podcast gratuitos
Todos los episodios
225 episodios
Comentarios
0Sé la primera persona en comentar
¡Regístrate ahora y únete a la comunidad de GoYou Cybersecurity (EN)!