CVE-2024-56731: Gogs allows deletion of internal files which leads to remote command execution
Because the patch for CVE-2024-39931 was insufficient, it is still possible to delete files under the .git directory and achieve remote command execution.
References
- github.com/advisories/GHSA-ccqv-43vm-4f3w
- github.com/advisories/GHSA-wj44-9vcg-wjq7
- github.com/gogs/gogs
- github.com/gogs/gogs/commit/77a4a945ae9a87f77e392e9066b560edb71b5de9
- github.com/gogs/gogs/releases/tag/v0.13.3
- github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7
- nvd.nist.gov/vuln/detail/CVE-2024-56731