In Gogs versions up to 0.13.0, a critical-severity vulnerability, CVE-2024-39930, was detected in the built-in SSH server. This flaw lets attackers send harmful commands, leading to remote code execution. Attackers must be authenticated and can exploit this if the SSH server is enabled. Currently, there is no fixed version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-39930.
Gogs: SSH Flaw Allows Remote Code Execution
by the Hossted team
05.07.2024
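To check whether an instance meets both conditions in the advisory (version up to 0.13.0 and built-in SSH server enabled), the following added example, which is not code from the advisory or from the Gogs project, reads an `app.ini` and a version string supplied by the operator. It assumes the `[server]` keys `START_SSH_SERVER` and `DISABLE_SSH` control the built-in server and that an absent key means off; the sample configuration is constructed.

```python
import configparser
import re

AFFECTED_MAX = (0, 13, 0)  # advisory: "versions up to 0.13.0"

# Constructed sample app.ini (not taken from a real deployment).
SAMPLE_INI = """\
BRAND_NAME = Gogs
RUN_USER = git

[server]
DOMAIN = git.example.internal
DISABLE_SSH = false
START_SSH_SERVER = true
SSH_LISTEN_PORT = 2222
"""

def parse_version(text):
    """Return (major, minor, patch) from strings such as '0.13.0' or 'v0.12.10+dev'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def builtin_ssh_enabled(app_ini_text):
    """True when [server] has START_SSH_SERVER on and DISABLE_SSH off."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    # app.ini may carry keys before the first section header, which
    # configparser rejects; place them in a throwaway section.
    cp.read_string("[__top__]\n" + app_ini_text)
    if not cp.has_section("server"):
        return False

    def flag(key):
        # Assumption: an absent or empty key is treated as off.
        raw = (cp.get("server", key, fallback="") or "").strip("`\"' ")
        return raw.lower() in ("1", "t", "true")

    return flag("START_SSH_SERVER") and not flag("DISABLE_SSH")

def matches_advisory(version_text, app_ini_text):
    """Both advisory conditions hold: affected version and built-in SSH on."""
    in_range = parse_version(version_text) <= AFFECTED_MAX
    return in_range and builtin_ssh_enabled(app_ini_text)

if __name__ == "__main__":
    print("matches CVE-2024-39930 conditions:",
          matches_advisory("0.13.0", SAMPLE_INI))
```
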