Gogs
Coverage of Gogs in the Nexus archive.
- Gogs patches critical zero-day enabling remote code execution
Gogs has patched a critical zero-day security flaw that could allow attackers to execute remote code and access repositories, including private ones, on Internet-facing instances.
- No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out
A critical remote code execution (RCE) vulnerability in Gogs, a self-hosted Git service, remains unpatched despite being reported in March. The flaw allows authenticated users to exploit default installations, steal credentials, and execute arbitrary code. Rapid7 researcher Jonah Burgess disclosed the issue (GHSA-qf6p-p7ww-cwr9) and submitted a proposed fix, but Gogs maintainers have not released a patch, prompting a Metasploit module to be published.
- Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical remote code execution (RCE) vulnerability has been disclosed in Gogs, an open-source self-hosted Git service, allowing authenticated users to execute arbitrary code. The flaw is rated 9.4 on the CVSS scoring system and currently lacks a CVE identifier.
- New Gogs zero-day flaw lets hackers get remote code execution
A new zero-day vulnerability in the Gogs self-hosted Git service allows attackers to achieve remote code execution on internet-facing instances. The flaw remains unpatched, posing a security risk.