HTTP.Git.Hooks.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in git hook feature in Gogs and Gitea. .
The vulnerability is due to an input validation error when parsing a crafted HTTP request. An authenticated remote attacker could exploit this to execute arbitrary code within the context of target application, via a maliciously crafted HTTP request.
Affected Products
Gogs version 0.5.5 to version 0.12.2
Gitea version 1.1.0 to version 1.12.5
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor's advisory for updates.
https://github.com/go-gitea/gitea/pull/13058
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |