Rapid7

FreeBSD: VID-0230343c-1908-11f0-accc-b42e991fc52e (CVE-2024-39933): gogs -- Multiple vulnerabilities

Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: Apr 14, 2025
Added: Apr 16, 2025
Modified: Mar 25, 2026

Description

[email protected] reports:

CVE-2024-44625: Directory Traversal via the editFilePost function of internal/route/repo/editor.go.

CVE-2024-39933: Gogs allows argument injection during the tagging of a new release.

CVE-2024-39932: Gogs allows argument injection during the previewing of changes.

CVE-2024-39931: Gogs allows deletion of internal files.

CVE-2024-39930: The built-in SSH server of Gogs allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated.

Solution

freebsd-upgrade-package-gogs