Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug. A newly discovered and so far unpatched critical vulnerability in the open source Gogs ...
Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.… More than 700 instances have been compromised in the ...
CISA added Gogs CVE-2025-8110 to its Known Exploited Vulnerabilities catalog Critical symlink bypass enables unauthenticated Remote Code Execution via PutContents API Over 700 Gogs servers compromised ...
In addition to security researchers, a US security authority is now also warning of attacks on self-hosted Git service servers based on Gogs. Admins who self-host Git service servers with Gogs should ...