Path Traversal in Gogs Gogs/gogs

CVE-2022-1993

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.503 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Gogs Gogs/gogs — versions unspecified

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d (x_refsource_CONFIRM)
github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-1993?: CVE-2022-1993 is a high-severity vulnerability in Gogs Gogs/gogs, classified under Path Traversal. CVSS score: 8.1/10. Published 2022-06-08.
How severe is CVE-2022-1993?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2022-1993 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.