FreeBSD: VID-0230343c-1908-11f0-accc-b42e991fc52e (CVE-2024-39930): gogs -- Multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Apr 14, 2025 | Apr 16, 2025 | Dec 10, 2025 |
Description
[email protected] reports:

- CVE-2024-44625: Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
- CVE-2024-39933: Gogs allows argument injection during the tagging of a new release.
- CVE-2024-39932: Gogs allows argument injection during the previewing of changes.
- CVE-2024-39931: Gogs allows deletion of internal files.
- CVE-2024-39930: The built-in SSH server of Gogs allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated.
Solution
freebsd-upgrade-package-gogs