CVE-2024-55947

Severity CVSS v4.0:
HIGH
Type:
CWE-22 Path Traversal
Publication date:
23/12/2024
Last modified:
10/04/2025

Description

Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* 0.13.1 (excluding)