PT-2023-9258 · Gogs · Gogs

Published: 2023-04-20
Updated: 2026-05-29
CVE-2024-39932
CVSS v3.1: 9.9 (Critical)
Vector: AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N

Name of the Vulnerable Software and Affected Versions: Gogs versions through 0.13.0

Description: The issue is an argument injection during the previewing of changes, which can allow a remote attacker to execute arbitrary commands. Unprivileged user accounts can write to arbitrary files on the filesystem, potentially forcing a re-installation of the instance and granting administrator rights. This allows accessing and altering any user's code hosted on the same instance.

Recommendations: For Gogs versions through 0.13.0, upgrade to 0.13.1 or the latest 0.14.0+dev to resolve the issue. As a temporary measure, grant only trusted users access to your Gogs instance on affected versions.

Weakness Enumeration

Code Injection

Related Identifiers

BDU:2024-05767
CVE-2024-39932
GHSA-9PP6-WQ8C-3W2C
GHSA-HF29-9HFH-W63J
GO-2024-2971

Affected Products

Gogs