Date: Thu, 11 Dec 2025 14:40:45 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 291575] devel/gogs: path traversal leading to RCE
Message-ID: <bug-291575-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291575

            Bug ID: 291575
           Summary: devel/gogs: path traversal leading to RCE
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: polarian@polarian.dev
                CC: me@svmhdvn.name
             Flags: maintainer-feedback?(me@svmhdvn.name)

Created attachment 266093
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=266093&action=edit
vuxml

Unpatched zero day which according to the security report has had two rounds
within the wild. This zero day was patched, however only partially.

CVE-2025-8110 - Use of symbolic links for path traversal bypassing the fix for
CVE-2024-55947 leading to RCE

For more information please see:
- https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
- https://www.wiz.io/vulnerability-database/cve/cve-2024-55947

I am attaching a patch to add this to vuxml, issue should be left open until
there is an upstream patch available for this. I will submit this later when
available, unless someone gets to it before me :)

-- 
You are receiving this mail because:
You are the assignee for the bug.
