Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2021-32546 — OS Command Injection in gogs in gogs.io/gogs · VulnScope

CVE-2021-32546

OS Command Injection in gogs in gogs.io/gogs

EPSS 1.4%

Description

OS Command Injection in gogs in gogs.io/gogs

How to fix CVE-2021-32546

To remediate CVE-2021-32546, upgrade the affected package to a fixed version below.

Go/gogs.io/gogs—upgrade to 0.12.8 or later
Go/gogs.io/gogs—upgrade to 0.12.8 or later

Is CVE-2021-32546 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 0.12.8
from 0, < 0.12.8

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-32546
PATCHgithub.com/gogs/gogs
WEBgithub.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129
WEBgithub.com/gogs/gogs/issues/6555
WEB

Metadata

Published: 6/2/2022
Modified: 3/3/2026

Also known as:

GHSA-56j7-2pm8-rgmxghsa
GO-2022-0471goadvisory

github.com/gogs/gogs/pull/6986

WEBgithub.com/gogs/gogs/releases

WEBgithub.com/gogs/gogs/releases/tag/v0.12.8

WEBgithub.com/gogs/gogs/security/advisories/GHSA-56j7-2pm8-rgmx

Go/gogs.io/gogs

Go/gogs.io/gogs