Vulnerabilities in GOGS: remote code execution

3 posts by 2 authors in: Forums > CMS Builder
Last Post: March 23, 2022   (RSS)

Hi

My client sent me a security report and it says “Vulnerabilities in GOGS: remote code executed” in his web site running CMSB.

Since I have difficulty understanding “GOGS”, I decided to make this post.

Does CMSB use GOGS? or does CMSB anything to do w/ it?

If it uses GOGS, can it be removed?

Please help.

By Dave - March 23, 2022

Hi yusuketaga, 

There's an open-source self-hosted git repository called gogs that has had some remote code execution issues in the past.  You might see if you have that installed and ask your host to update it and/or remove it if you're not using it.  It's not related to CMSB at all or anything we've ever used.

Links: 

Hope that helps!

Dave Edis - Senior Developer
interactivetools.com