CVE-2024-39933

CVSS 3.1 Score 7.7 of 10 (high)

Details

Published Jul 4, 2024

Updated: Jul 12, 2024

CWE ID 88

Summary

CVE-2024-39933 is a newly disclosed vulnerability affecting Gogs versions up to 0.13.0. This issue permits argument injection during the tagging process of a new release, enabling attackers to execute arbitrary commands on the Gogs server. An attacker could exploit this vulnerability by crafting a malicious tag name that includes injected code, potentially leading to server compromise or unauthorized access to sensitive information. It is recommended that users upgrade to the latest version of Gogs to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Gogs

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/w0Sp1Y
https://www.cve.org/CVERecord?id=CVE-2024-39933
https://nvd.nist.gov/vuln/detail/CVE-2024-39933

Back to Vulnerability Database

CVE-2024-39933

CVSS 3.1 Score 7.7 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations