Skip to content
The Nexus
SECURITYMay 29 · 18:26 UTCTHE REGISTER

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

A critical remote code execution (RCE) vulnerability in Gogs, a self-hosted Git service, remains unpatched despite being reported in March. The flaw allows authenticated users to exploit default installations, steal credentials, and execute arbitrary code. Rapid7 researcher Jonah Burgess disclosed the issue (GHSA-qf6p-p7ww-cwr9) and submitted a proposed fix, but Gogs maintainers have not released a patch, prompting a Metasploit module to be published.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting