CNNVD-202602-995 Information

CNNVD ID

CNNVD-202602-995

Related CVE

CVE-2025-64111

• CNNVD Published: 2026-02-06

Description (Chinese)

Gogs（Go Git Service）是Gogs团队的一个基于Go语言的自助Git托管服务，它支持创建、迁移公开/私有仓库，添加、删除仓库协作者等。 Gogs 0.13.3及之前版本存在操作系统命令注入漏洞，该漏洞源于对CVE-2024-56731的补丁不足，仍可能更新.git目录中的文件并实现远程命令执行。

Description (English)

Gogs (Go Git Service), a Gogs team-based self-help Git hosting service based on Go language, supports the creation, relocation, addition, removal of warehouse collaborators, etc. The Gogs 0.13.3 and previous versions had a gap in the operating system commands, which stemmed from a lack of patches to CVE-2024-56731, and could still update the documents in the .git directory and achieve remote command execution.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

Gogs

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/gogs/gogs/security/advisories/GHSA-gg64-xxr9-qhjp

Patch

https://github.com/gogs/gogs/releases