How severe is CVE-2024-54148?

CVE-2024-54148 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-54148

Name: gogs
Author: gogs

9.8CRITICAL

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.

Published: 12/23/2024Updated: 4/10/2025

Description

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.

AI AnalysisPowered by AI

Affected Products

gogsgogs

References

https://github.com/gogs/gogs/commit/c94baec9ca923f38c19f0c7c5af722b9ec04022a
Patch
https://github.com/gogs/gogs/issues/7582
Issue Tracking
https://github.com/gogs/gogs/pull/7857
Patch
https://github.com/gogs/gogs/security/advisories/GHSA-r7j8-5h9c-f6fx
ExploitVendor Advisory