Input validation error in gogs - CVE-2024-39932

Published: December 23, 2024 / Updated: April 27, 2026


Vulnerability identifier: #VU128075
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-39932
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: gogs.io
Affected software:
gogs

Detailed vulnerability description

The vulnerability allows a remote user to write to arbitrary files on the filesystem.

The vulnerability exists due to improper input validation in the changes preview feature: values supplied for a diff preview are passed to Git without being checked, so Git options that the feature never intended to expose are accepted. A remote user with an account on the instance (the CVSS vector requires only low privileges, PR:L) can supply crafted arguments and write to arbitrary files on the filesystem.

Exploitation can force a re-installation of the instance and allow access to, and modification of, other users' code hosted on the same instance.
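As an added example, not code from Gogs, the following Go program models the bug class behind this advisory (CWE-20, argument injection into a git subprocess): a user-controlled path appended to a `git diff` command line without validation or a `--` terminator, beside a hardened variant. The function names, the `--output=` value and the sample paths are assumptions for illustration; whether the Gogs preview endpoint used exactly this argument shape is not stated on this page.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"strings"
)

// Added example, not code from Gogs. It models CWE-20 argument injection
// into a git subprocess: a user-controlled value reaches the git command
// line unchecked, so a value beginning with "-" is parsed by git as an
// option (for instance --output=<file>, which writes the diff to that
// file) rather than as the path the caller intended.

// vulnerableDiffArgs shows the unsafe pattern (hypothetical function):
// the path is appended as-is, with no validation and no "--" terminator.
func vulnerableDiffArgs(treeish, path string) []string {
	return []string{"diff", treeish, path}
}

// looksLikeOption reports whether git would treat arg as an option.
func looksLikeOption(arg string) bool {
	return strings.HasPrefix(arg, "-")
}

// safeDiffArgs is the hardened variant (hypothetical function). It refuses
// anything that could be parsed as an option, rejects traversal segments,
// and inserts "--" so that everything after it is a pathspec to git.
func safeDiffArgs(treeish, path string) ([]string, error) {
	if treeish == "" || looksLikeOption(treeish) {
		return nil, errors.New("invalid revision: must not start with '-'")
	}
	if path == "" || looksLikeOption(path) {
		return nil, errors.New("invalid path: must not start with '-'")
	}
	if strings.ContainsRune(path, 0) {
		return nil, errors.New("invalid path: embedded NUL")
	}
	for _, seg := range strings.Split(path, "/") {
		if seg == ".." {
			return nil, errors.New("invalid path: traversal segment")
		}
	}
	// "--" is git's option terminator: the revision stays before it, the
	// path goes after it so git can never reparse the path as an option.
	return []string{"diff", treeish, "--", path}, nil
}

// diffCommand builds (but does not run) the git invocation, so the
// argument vector can be inspected before any process is spawned.
func diffCommand(args []string) *exec.Cmd {
	return exec.Command("git", args...)
}

func main() {
	crafted := "--output=/tmp/injected" // constructed attacker-controlled value
	fmt.Println("unsafe argv:", diffCommand(vulnerableDiffArgs("HEAD", crafted)).Args)
	if _, err := safeDiffArgs("HEAD", crafted); err != nil {
		fmt.Println("hardened variant rejected it:", err)
	}
	args, _ := safeDiffArgs("HEAD", "docs/README.md")
	fmt.Println("safe argv:", diffCommand(args).Args)
}
```

The check on the revision argument matters as much as the one on the path: any positional value that precedes `--` is still option-parsed by git, so every user-controlled argument placed before the terminator needs the same `-` prefix rejection.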


How to mitigate CVE-2024-39932

Install the security update from the vendor's website. Because the vector requires only low privileges (PR:L), any account able to use the changes preview feature is a potential source of the attack; treat unpatched instances that allow self-registration as exposed until the update is applied.

Sources