Home > Vulnerability Database > CVE-2024-39932

Mend.io Vulnerability Database

CVE-2024-39932

Good to know:

Date: July 3, 2024

Gogs through 0.13.0 allows argument injection during the previewing of changes. The original fix version, 0.13.1, was pulled back due to certain issues. The vendor recommends upgrading to 0.13.2. See https://github.com/gogs/gogs/releases/tag/v0.13.1

Language: Go

Severity Score

9.9

Related Resources (8)

Url: https://github.com/advisories/GHSA-hf29-9hfh-w63j

Url: https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/

Url: https://github.com/gogs/gogs/releases

Url: https://github.com/gogs/gogs

Url: https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1

Url: https://github.com/gogs/gogs/security/advisories/GHSA-9pp6-wq8c-3w2c

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-39932

Url: https://www.mend.io/vulnerability-database/CVE-2024-39932

Severity Score

9.9

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version gogs.io/gogs - v0.13.1

Learn More

CVSS v3.1

Base Score:	9.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-39932

Good to know:

Date: July 3, 2024

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?