CVE-2024-44625

Name of the Vulnerable Software and Affected Versions Gogs versions <=0.13.0

Description The issue is related to a Directory Traversal vulnerability via the editFilePost function in the internal/route/repo/editor.go file. This vulnerability is caused by improper restriction of the directory path name, allowing a remote attacker to execute arbitrary code.

Recommendations For Gogs versions <=0.13.0, as a temporary workaround, consider disabling the editFilePost function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.