CVE-2022-1993
HIGH8.1EPSS 0.58%Path Traversal in Git HTTP endpoints in Gogs
發布日:2022/6/8修改日:2024/8/21
描述
### Impact The malicious user is able to craft HTTP requests to access unauthorized Git directories. All installations with are affected. ### Patches Path cleaning has accommodated for Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. ### Workarounds N/A ### References https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d/ ### For more information If you have any questions or comments about this advisory, please post on #7002.
受影響套件(2)
- Go/gogs.io/gogsfrom 0, < 0.12.9
- Go/gogs.io/gogsfrom 0, < 0.12.9
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-1993
- PATCHhttps://github.com/gogs/gogs
- WEBhttps://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf
- WEBhttps://github.com/gogs/gogs/issues/7002
- WEBhttps://github.com/gogs/gogs/security/advisories/GHSA-6vcc-v9vw-g2x5
- WEBhttps://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d