CVE-2024-39932

9.9 CRITICAL

📋 TL;DR

CVE-2024-39932 is an argument injection vulnerability in Gogs: when the web editor previews a change, a user-controlled file path is passed to git as a command-line argument, so a path beginning with "-" is parsed by git as an option rather than as a file. This affects Gogs through 0.13.0. The CVSS 3.1 base score of 9.9 corresponds to a low-privileged (authenticated) attacker with scope change; any registered user who can push to a repository can reach the vulnerable route and gain code execution with the privileges of the Gogs service account.
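The shape of the bug, as an added illustration rather than Gogs' own code: the vulnerable pattern appends a user-supplied path straight to git's argument vector, while the hardened form rejects option-looking paths and terminates option parsing with "--". The classify helper models git's argv rules (anything beginning with "-" before "--" is an option) so the difference can be seen without running git; the --output option used as the injected value is a real git diff option chosen only to show that options can have side effects, not a claim about the published exploit. The function names and the rev/path arguments are assumptions for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrOptionLikePath is returned when a user-supplied path would be parsed
// by git as a command-line option instead of a file.
var ErrOptionLikePath = errors.New("refusing path that begins with '-'")

// unsafeDiffArgs mirrors the vulnerable pattern (illustrative, not Gogs' code):
// the user-controlled path lands in argv with nothing separating it from
// git's options, so "--output=/tmp/x" is an option, not a file.
func unsafeDiffArgs(rev, userPath string) []string {
	return []string{"diff", rev, userPath}
}

// safeDiffArgs does two things the vulnerable form does not:
//  1. rejects any path that starts with '-' (defence in depth);
//  2. places "--" before the pathspec so git stops option parsing there.
func safeDiffArgs(rev, userPath string) ([]string, error) {
	if strings.HasPrefix(userPath, "-") {
		return nil, ErrOptionLikePath
	}
	return []string{"diff", rev, "--", userPath}, nil
}

// classify models how git splits argv: before "--", arguments beginning with
// '-' are options; "--" itself is consumed; everything after it is an operand.
func classify(args []string) (options, operands []string) {
	endOfOptions := false
	for _, a := range args {
		switch {
		case endOfOptions:
			operands = append(operands, a)
		case a == "--":
			endOfOptions = true
		case strings.HasPrefix(a, "-"):
			options = append(options, a)
		default:
			operands = append(operands, a)
		}
	}
	return options, operands
}

func main() {
	injected := "--output=/tmp/injected" // attacker-chosen "file path"

	opts, _ := classify(unsafeDiffArgs("HEAD", injected))
	fmt.Println("vulnerable: git sees options", opts)

	if _, err := safeDiffArgs("HEAD", injected); err != nil {
		fmt.Println("hardened: rejected:", err)
	}
	args, _ := safeDiffArgs("HEAD", "docs/README.md")
	_, operands := classify(args)
	fmt.Println("hardened: argv", args, "operands", operands)
}
```

The "--" separator is what actually closes the hole; the leading-dash check is a second layer so that a future refactor that drops the separator still fails closed rather than silently reopening the injection.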

💻 Affected Systems

Products:
  • Gogs
Versions: All versions through 0.13.0
Operating Systems: All platforms running Gogs
Default Config Vulnerable: ⚠️ Yes
Notes: No non-default setting is needed. The vulnerable route is reachable by any authenticated user with write access to a repository, and any registered user can create one; instances with self-registration enabled are therefore exposed to anyone who can reach the web interface.

📦 What is this software?

Gogs is a self-hosted Git service written in Go, providing a web interface, an HTTP/SSH Git transport and a REST API on top of git.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise leading to data theft, lateral movement, and persistent backdoor installation

🟠

Likely Case

Remote code execution allowing attacker to access source code, user credentials, and deploy malicious payloads

🟢

If Mitigated

Limited impact if running in isolated container with minimal privileges and network restrictions

🌐 Internet-Facing: HIGH - Exploitable over the web interface by any registered user; trivially reachable where self-registration is open
🏢 Internal Only: HIGH - Any internal user with an account (or who can obtain one) can exploit it; network position offers no protection

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No - a low-privileged account is required (CVSS vector PR:L), which is why the score is 9.9 rather than 10.0
Complexity: LOW

Technical details were published by SonarSource in their Gogs vulnerability research write-up; the description of where the path reaches git is sufficient to reproduce the issue without additional research

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.14.0 and later

Vendor Advisory: https://github.com/gogs/gogs/releases

Restart Required: Yes

Instructions:

1. Back up your Gogs data directory, repositories, database and app.ini.
2. Download Gogs 0.14.0 or later from the official releases page.
3. Stop the Gogs service.
4. Replace the binary with the patched version.
5. Start the Gogs service.
6. Confirm the new version string in the /admin dashboard and check that repository browsing and the web editor still work.

🔧 Temporary Workarounds

Block the change-preview route

all

Deny requests to the web editor's preview route at the reverse proxy

The vulnerable endpoint is the repository editor's change preview, served under the repository path (POST /<owner>/<repo>/_preview/<branch>/<path>), not under /api/v1. There is no app.ini setting that disables this route, so block it in front of Gogs: add a reverse-proxy rule that returns 403 for any request whose path contains /_preview/. This only breaks the "Preview" tab of the web editor; commits, pushes and API access are unaffected.

Network isolation

all

Restrict who can reach, and who can register on, the Gogs instance

Configure the firewall to allow only trusted IPs to reach the Gogs web interface and API, and set DISABLE_REGISTRATION = true under [service] in app.ini so that an attacker cannot create the account the exploit requires.

🧯 If You Can't Patch

  • Isolate the Gogs instance in a network segment with no outbound internet access
  • Run Gogs in a container with a read-only filesystem and minimal privileges, so a write from an injected git option lands in a writable volume rather than in the binary or system paths
  • Disable self-registration and audit existing accounts; every account is a potential exploitation path

🔍 How to Verify

Check if Vulnerable:

Compare the running Gogs version against the patched release; any version through 0.13.0 is vulnerable regardless of configuration

Check Version:

./gogs --version on the server, or read the version string shown in the /admin dashboard of the web interface

Verify Fix Applied:

Confirm version is 0.14.0 or later and test preview functionality

📡 Detection & Monitoring

Log Indicators:

  • Child processes of the gogs process other than git (for example a shell or interpreter), visible in auditd or other execve logging
  • POST requests to a repository's /_preview/ route whose branch or file-path segment begins with "-" (also URL-encoded as %2D)
  • Unexpected file writes by the Gogs service account outside its repository and data directories

Network Indicators:

  • Unusual outbound connections from the Gogs server (reverse shells, tooling downloads)
  • Bursts of /_preview/ requests from a newly registered account

SIEM Query:

source="gogs" AND http_method="POST" AND uri_path="*/_preview/*" AND (uri_path="*/_preview/-*" OR uri_path="*/_preview/*/-*" OR uri_path="*%2D*")

Argument injection does not use shell metacharacters, so matching on ";", "|" or backticks finds nothing; the indicator is a path component that begins with a dash.
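The same logic as a detector over access logs, added here as an example and not part of the original page or of Gogs: it parses the request line, keeps only POSTs to a /_preview/ route, splits the remainder into branch and file path, URL-decodes both and flags any that begins with "-". The log lines are constructed for the example; the route layout is the assumption stated above.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// sampleLog is constructed for this example (Common Log Format); it is not
// real Gogs or proxy output. Lines 2 and 3 carry option-looking paths.
var sampleLog = []string{
	`10.0.0.5 - - [10/Jul/2024:12:00:01 +0000] "POST /alice/demo/_preview/main/src/app.go HTTP/1.1" 200 512`,
	`10.0.0.9 - - [10/Jul/2024:12:00:02 +0000] "POST /alice/demo/_preview/main/--output=/tmp/x HTTP/1.1" 200 12`,
	`10.0.0.9 - - [10/Jul/2024:12:00:03 +0000] "POST /alice/demo/_preview/main/%2D%2Doutput=/tmp/y HTTP/1.1" 200 12`,
	`10.0.0.7 - - [10/Jul/2024:12:00:04 +0000] "GET /alice/demo/src/main/-notes.md HTTP/1.1" 200 900`,
	`10.0.0.5 - - [10/Jul/2024:12:00:05 +0000] "POST /alice/demo/_preview/main/README.md?x=1 HTTP/1.1" 200 300`,
}

// requestLine extracts method and request target from the quoted request.
var requestLine = regexp.MustCompile(`"([A-Z]+) ([^ ]+) HTTP/[0-9.]+"`)

// Hit is one suspicious request: the request path and the offending argument.
type Hit struct {
	Method, Path, Arg string
}

// suspiciousPreview reports whether a request targets the editor's preview
// route with a branch or file path that git would read as an option.
func suspiciousPreview(method, rawTarget string) (string, bool) {
	if method != "POST" {
		return "", false
	}
	path := rawTarget
	if i := strings.IndexByte(path, '?'); i >= 0 {
		path = path[:i] // drop the query string
	}
	idx := strings.Index(path, "/_preview/")
	if idx < 0 {
		return "", false
	}
	// Everything after /_preview/ is "<branch>/<file path>"; both parts end
	// up as git arguments, so both are checked after percent-decoding.
	branch, file, _ := strings.Cut(path[idx+len("/_preview/"):], "/")
	for _, candidate := range []string{branch, file} {
		dec, err := url.PathUnescape(candidate)
		if err != nil {
			dec = candidate // keep the raw value if decoding fails
		}
		if strings.HasPrefix(dec, "-") {
			return dec, true
		}
	}
	return "", false
}

// scan runs the check over every log line and returns the hits in order.
func scan(lines []string) []Hit {
	var hits []Hit
	for _, l := range lines {
		m := requestLine.FindStringSubmatch(l)
		if m == nil {
			continue
		}
		if arg, ok := suspiciousPreview(m[1], m[2]); ok {
			hits = append(hits, Hit{Method: m[1], Path: m[2], Arg: arg})
		}
	}
	return hits
}

func main() {
	for _, h := range scan(sampleLog) {
		fmt.Printf("suspicious %s %s -> git argument %q\n", h.Method, h.Path, h.Arg)
	}
}
```

Tuning note: a legitimately committed file whose name begins with "-" will also match; that is rare enough to accept, and on a patched instance such requests are harmless, so the alert is worth keeping for the account-reconnaissance signal alone.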
