CVE-2022-2024: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
References
- github.com/advisories/GHSA-pfvh-p8qp-9ww9
- github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini
- github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41
- github.com/gogs/gogs/issues/7030
- github.com/gogs/gogs/security/advisories/GHSA-pfvh-p8qp-9ww9
- huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97
- nvd.nist.gov/vuln/detail/CVE-2022-2024
Code Behaviors & Features
Detect and mitigate CVE-2022-2024 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →