Enhancement: cves/2022/CVE-2022-0415.yaml by md
parent
e4d5bcd8dc
commit
9bfd137000
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2022-0415
|
||||
|
||||
info:
|
||||
name: Gogs < 0.12.6 - Remote Command Execution
|
||||
name: Gogs <0.12.6 - Remote Command Execution
|
||||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
|
||||
Gogs before 0.12.6 is susceptible to remote command execution via the uploading repository file in GitHub repository gogs/gogs.
|
||||
reference:
|
||||
- https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0415
|
||||
- https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902
|
||||
remediation: Fixed in version 0.12.6
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0415
|
||||
remediation: Fixed in version 0.12.6.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -79,7 +79,6 @@ requests:
|
|||
|
||||
_csrf={{auth_csrf}}&tree_path=/.git/&files={{uuid}}&commit_summary=&commit_message=&commit_choice=direct&new_branch_name=
|
||||
|
||||
|
||||
cookie-reuse: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
@ -115,3 +114,5 @@ requests:
|
|||
regex:
|
||||
- ' "uuid": "(.*)"'
|
||||
internal: true
|
||||
|
||||
# Enhanced by md on 2023/03/28
|
||||
|
|
Loading…
Reference in New Issue