CVE-2024-54148

Gogs has a Path Traversal in file editing UI

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.


We have discovered 53 live websites that are affected by CVE-2024-54148.


Affected Software

Product: Gogs
Category: Dev Tools
Vulnerable Domains: 53 live websites (100% of Gogs install base)
Vulnerable Versions:
  • from 0 through 0.13.1
Vulnerable Versions Count: 0 versions (less than 0.1% of all versions)


Common Weakness Enumeration

CWE-61 UNIX Symbolic Link (Symlink) Following



Details

  • Published - Dec 23, 2024
  • Updated - Dec 24, 2024

Website Distribution by Country

Number of websites affected by CVE-2024-54148, by country:

  • United States: 8 websites
  • Singapore: 10 websites
  • China: 9 websites
  • Germany: 8 websites
  • France: 6 websites
  • Russia: 6 websites
  • Iran: 2 websites
  • Australia: 1 website
  • Bosnia and Herzegovina: 1 website
  • Ireland: 1 website

Website Distribution by TLD

Number of websites affected by CVE-2024-54148, by TLD:

  • .com: 16 websites
  • .ru: 7 websites
  • .de: 4 websites
  • .net: 3 websites
  • .cn: 2 websites
  • .eu: 2 websites
  • .fr: 2 websites
  • .org: 2 websites
  • .nl: 1 website
  • .pl: 1 website

FAQ

CVE-2024-54148 is a UNIX Symbolic Link (Symlink) Following vulnerability in Gogs.
A total of 53 websites have been identified as vulnerable to CVE-2024-54148, based on global website indexing conducted by WebTechSurvey.
Gogs is affected by the CVE-2024-54148 vulnerability.
Gogs versions up to 0.13.1 are vulnerable to CVE-2024-54148.
CVE-2024-54148 is resolved in version 0.13.1 of Gogs.