Skip to content
The Nexus
DossierENTITY

Gogs

Coverage of Gogs in the Nexus archive.

Earliest in view: May 28 · 14:25 UTCMost recent: Jun 8 · 16:18 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 8 · 16:18 UTCBLEEPING COMPUTER
    Gogs patches critical zero-day enabling remote code execution

    Gogs has patched a critical zero-day security flaw that could allow attackers to execute remote code and access repositories, including private ones, on Internet-facing instances.

  • SECURITYMay 29 · 18:26 UTCTHE REGISTER
    No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

    A critical remote code execution (RCE) vulnerability in Gogs, a self-hosted Git service, remains unpatched despite being reported in March. The flaw allows authenticated users to exploit default installations, steal credentials, and execute arbitrary code. Rapid7 researcher Jonah Burgess disclosed the issue (GHSA-qf6p-p7ww-cwr9) and submitted a proposed fix, but Gogs maintainers have not released a patch, prompting a Metasploit module to be published.

  • SECURITYMay 28 · 17:24 UTCTHE HACKER NEWS
    Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

    A critical remote code execution (RCE) vulnerability has been disclosed in Gogs, an open-source self-hosted Git service, allowing authenticated users to execute arbitrary code. The flaw is rated 9.4 on the CVSS scoring system and currently lacks a CVE identifier.

  • SECURITYMay 28 · 14:25 UTCBLEEPING COMPUTER
    New Gogs zero-day flaw lets hackers get remote code execution

    A new zero-day vulnerability in the Gogs self-hosted Git service allows attackers to achieve remote code execution on internet-facing instances. The flaw remains unpatched, posing a security risk.

Gogs · Dossier · The Nexus