Main Vulnerability Database Vulnerabilities #VU119868

#VU119868 Path traversal in gogs - CVE-2024-55947

Published: December 11, 2025

Vulnerability identifier: #VU119868

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-55947

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
gogs

Software vendor:
gogs.io

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can write files to an arbitrary location on the system and gain SSH access to the server, leading to remote code execution.

Remediation

Install updates from vendor's website.

External links

https://github.com/gogs/gogs/commit/9a9388ace25bd646f5098cb9193d983332c34e41
https://github.com/gogs/gogs/issues/7582
https://github.com/gogs/gogs/pull/7859
https://github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg

#VU119868 Path traversal in gogs - CVE-2024-55947

Description

Remediation

External links

Please verify you're human