CNNVD-202602-987 Information

CNNVD ID

CNNVD-202602-987

Related CVE

CVE-2026-22592

• CNNVD Published: 2026-02-06

Description (Chinese)

Gogs（Go Git Service）是Gogs团队的一个基于Go语言的自助Git托管服务，它支持创建、迁移公开/私有仓库，添加、删除仓库协作者等。 Gogs 0.13.3及之前版本存在安全漏洞，该漏洞源于经过身份验证的用户可能在同步前删除仓库文件，可能导致应用程序崩溃和拒绝服务攻击。

Description (English)

Gogs (Go Git Service), a Gogs team-based self-help Git hosting service based on Go language, supports the creation, relocation, addition, removal of warehouse collaborators, etc. There is a security loophole in Gogs 0.13.3 and previous versions, which stems from the possibility that a user with authentication may remove a warehouse file before synchronizing, which could lead to an application collapse and denial of service attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Gogs

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/gogs/gogs/security/advisories/GHSA-cr88-6mqm-4g57

Patch

https://github.com/gogs/gogs/releases