Home > Vulnerability Database > CVE-2024-39931

Mend.io Vulnerability Database

CVE-2024-39931

Good to know:

Date: July 3, 2024

Gogs through 0.13.0 allows deletion of internal files. The original fix version, 0.13.1, was pulled back due to certain issues. The vendor recommends upgrading to 0.13.2. See https://github.com/gogs/gogs/releases/tag/v0.13.1

Language: Go

Severity Score

9.9

Related Resources (8)

Url: https://github.com/gogs/gogs/security/advisories/GHSA-ccqv-43vm-4f3w

Url: https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/

Url: https://github.com/gogs/gogs/releases

Url: https://github.com/advisories/GHSA-2vgj-3pvg-xh4w

Url: https://github.com/gogs/gogs

Url: https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-39931

Url: https://www.mend.io/vulnerability-database/CVE-2024-39931

Severity Score

9.9

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

Top Fix

Upgrade Version

Upgrade to version gogs.io/gogs - v0.13.1

Learn More

CVSS v3.1

Base Score:	9.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-39931

Good to know:

Date: July 3, 2024

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?