Input validation error in gogs - CVE-2024-39931


Published: December 23, 2024 / Updated: April 27, 2026


Vulnerability identifier: #VU128076
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-39931
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: gogs.io
Affected software:
gogs

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary commands and access and alter other users' code.

The vulnerability exists due to improper input validation in internal file deletion handling when deleting .git files. A remote user can delete specially crafted internal files to execute arbitrary commands and access and alter other users' code.

Code execution occurs with the privileges of the account specified by RUN_USER in the configuration.
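The missing validation described above can be illustrated with a path check applied before any file deletion in a repository working tree. This is an added example, not code from Gogs or from the vendor's fix; `ValidateTreePath` and `ErrGitInternalPath` are hypothetical names and the sample paths are constructed. It goes slightly beyond the advisory by also normalizing backslashes, case, and trailing dots or spaces, which Windows drops from file names.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrGitInternalPath marks a request that would touch Git metadata.
var ErrGitInternalPath = errors.New("path refers to Git internal data")

// ValidateTreePath (hypothetical helper) returns the cleaned, repository-relative
// form of a user-supplied tree path, or an error if the path is empty or any of
// its components is a ".git" directory.
func ValidateTreePath(p string) (string, error) {
	// Treat backslashes as separators so `a\.git\config` is split correctly.
	p = strings.ReplaceAll(p, `\`, "/")
	// Cleaning against a rooted path pins "../" sequences inside the repository.
	clean := path.Clean("/" + p)[1:]
	if clean == "" {
		return "", errors.New("empty path")
	}
	for _, part := range strings.Split(clean, "/") {
		// Compare case-insensitively and ignore trailing dots and spaces.
		name := strings.ToLower(strings.TrimRight(part, ". "))
		if name == ".git" {
			return "", ErrGitInternalPath
		}
	}
	return clean, nil
}

func main() {
	// Constructed sample inputs for a file deletion request.
	samples := []string{
		"src/main.go", "docs/.gitignore", ".git/config",
		"../../.git/HEAD", ".GIT/hooks/pre-receive", `sub\.git.\config`,
	}
	for _, s := range samples {
		if clean, err := ValidateTreePath(s); err != nil {
			fmt.Printf("reject %-26q %v\n", s, err)
		} else {
			fmt.Printf("allow  %-26q -> %s\n", s, clean)
		}
	}
}
```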


How to mitigate CVE-2024-39931

Install the security update from the vendor's website.

Sources