Gogs · Gogs · CVE-2026-24135
**Name of the Vulnerable Software and Affected Versions**
Gogs versions prior to 0.13.4
Gogs versions 0.13.0 through 0.13.3
**Description**
Gogs is a self-hosted Git service. A path traversal issue exists in the `updateWikiPage` function. An authenticated user with write access to a repository's wiki can delete arbitrary files on the server by manipulating the `old title` parameter in the wiki editing form. The vulnerability is located in `internal/database/wiki.go`, where the `old title` parameter is used in file operations without proper sanitization. Specifically, the `os.Remove` function, combined with `path.Join`, can be exploited by providing a path traversal sequence in the `old title` parameter, potentially leading to the deletion of files ending with the '.md' extension. This could result in denial of service or data loss. The vulnerable code snippet is: `os.Remove(path.Join(localPath, oldTitle+".md"))`.
**Recommendations**
Gogs versions prior to 0.13.4: Sanitize the `old title` parameter using `ToWikiPageName` (or `path.Clean` and basename validation) before using it in file operations, similar to how the new `title` is currently handled. As a temporary workaround, restrict write access to the wiki to minimize the risk of exploitation.
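The following Go example, added here and not taken from Gogs itself, puts the advisory's unsafe `path.Join` pattern beside a hardened path builder that restricts the title to a single path element and verifies the result stays under the wiki directory. The function names, the `/srv/gogs/wiki` directory and the sample titles are constructed for illustration; Gogs's own `ToWikiPageName` applies additional name normalisation that is not reproduced here.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

// ErrBadTitle is returned when a title would not stay inside the wiki directory.
var ErrBadTitle = errors.New("invalid wiki page title")

// vulnerablePagePath mirrors the unsafe pattern named in the advisory: the
// title is joined into the path unvalidated, so ".." segments are resolved by
// path.Join and the result can point outside localPath.
func vulnerablePagePath(localPath, title string) string {
	return path.Join(localPath, title+".md")
}

// safePagePath is a hypothetical hardening in the spirit of the advisory's
// "path.Clean and basename validation" recommendation.
func safePagePath(localPath, title string) (string, error) {
	cleaned := filepath.Clean(title)
	// The title must be exactly one path element: no separators, not "." or "..".
	if cleaned == "." || cleaned == ".." || cleaned != filepath.Base(cleaned) ||
		strings.ContainsAny(cleaned, `/\`) {
		return "", ErrBadTitle
	}
	root := filepath.Clean(localPath)
	full := filepath.Join(root, cleaned+".md")
	// Defence in depth: the final path must be a direct child of root.
	if filepath.Dir(full) != root {
		return "", ErrBadTitle
	}
	return full, nil
}

func main() {
	const wikiDir = "/srv/gogs/wiki" // constructed sample directory
	for _, title := range []string{"Home", "../../data/other", "/etc/hostname", "."} {
		fmt.Printf("unsafe join: %q -> %s\n", title, vulnerablePagePath(wikiDir, title))
		if p, err := safePagePath(wikiDir, title); err != nil {
			fmt.Printf("hardened:    %q -> rejected (%v)\n", title, err)
		} else {
			fmt.Printf("hardened:    %q -> %s\n", title, p)
		}
	}
}
```

Only the hardened path should ever reach `os.Remove`; a rejected title is logged and the request fails rather than touching the filesystem.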