Gogs: Remote Command Execution via Insufficient Patch

In Gogs versions prior to 0.13.3 a critical severity vulnerability CVE-2024-56731 was detected. This vulnerability allows unprivileged users to delete files under the .git directory and execute arbitrary commands with the privileges of the configured RUN_USER, enabling remote command execution and unauthorized modification of other users’ code hosted on the same instance. To address this issue, users should upgrade to versions 0.13.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-56731.