Critical Vulnerabilities Identified in Gogs Git Service
Critical vulnerabilities discovered in the Gogs Git service demand immediate updates. Multiple severe security flaws have been identified in Gogs, an open-source self-hosted Git service, with CVSS scores between 7.7 and 9.9, potentially allowing attackers to execute arbitrary code, gain unauthorized access, and steal sensitive data. Key vulnerabilities include CVE-2024-39930 and CVE-2024-39931, which enable unprivileged users to execute commands with elevated privileges and to delete internal files, respectively. Users are strongly advised to update to version 0.13.1 or the latest 0.14.0+dev to mitigate these risks. In the interim, limiting access to trusted users and disabling the built-in SSH server on non-Windows systems are recommended to enhance security.
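One way to check an instance against the advice above, as an added example that is not part of the original article or the Gogs project: it reads an `app.ini`, compares the running version with 0.13.1, and flags the built-in SSH server (`START_SSH_SERVER`) and open sign-up (`DISABLE_REGISTRATION`). Treating open registration as "access not limited to trusted users" is an assumption of this example, and the sample configuration is constructed.

```python
import configparser
import re

FIXED = (0, 13, 1)  # fixed release named in the text above

# Constructed sample app.ini (not taken from a real deployment).
WEAK = """\
RUN_USER = git

[server]
START_SSH_SERVER = true

[auth]
DISABLE_REGISTRATION = false
"""
HARDENED = (WEAK.replace("START_SSH_SERVER = true", "START_SSH_SERVER = false")
                .replace("DISABLE_REGISTRATION = false", "DISABLE_REGISTRATION = true"))

def parse_version(v):
    """'0.14.0+dev' -> (0, 14, 0); build suffixes such as '+dev' are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x) for x in m.groups())

def load_ini(text):
    # app.ini can carry keys above the first [section]; configparser rejects
    # that, so they are parked under a synthetic section.
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string("[__top__]\n" + text)
    return cfg

def audit(ini_text, version, on_windows=False):
    cfg = load_ini(ini_text)
    findings = []
    if parse_version(version) < FIXED:
        findings.append("version-below-0.13.1")
    # The interim advice targets the built-in SSH server on non-Windows hosts.
    if not on_windows and cfg.getboolean("server", "START_SSH_SERVER", fallback=False):
        findings.append("builtin-ssh-enabled")
    # Assumption: open self-registration means untrusted users can get accounts.
    # Both [auth] and the older [service] location of the key are checked.
    closed = any(cfg.getboolean(s, "DISABLE_REGISTRATION", fallback=False)
                 for s in ("auth", "service"))
    if not closed:
        findings.append("open-registration")
    return findings
```

`audit(WEAK, "0.13.0")` reports all three findings, while `audit(HARDENED, "0.14.0+dev")` returns an empty list.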
