CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/gogs/gogs | go | <= 0.13.0 | |
The vulnerability involves argument injection during release tagging, which inherently requires interaction with git tag commands. The Sonar disclosure mentions argument injection patterns similar to their CVE-2024-39930 finding where missing argument delimiters enabled exploitation. The GitHub release notes for v0.13.2 explicitly list a fix for GHSA-m27m-h5gj-wwmg (this vulnerability) in the same context as other command injection fixes. Release-related functions in repo/release.go and git command handlers are the most likely candidates based on Go project structure patterns and the vulnerability's nature.
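The missing-delimiter pattern described above, shown next to a hardened form. This is an added illustration, not code from Gogs: `unsafeTagArgs`, `safeTagArgs` and `validateTagName` are hypothetical names, the tag names are constructed samples, and the validation is a conservative subset of git's ref-name rules.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var errBadTag = errors.New("invalid tag name")

// unsafeTagArgs is the risky pattern: the user-supplied name sits where git
// still parses options, so a name that begins with "-" is read as a flag.
func unsafeTagArgs(name, target string) []string {
	return []string{"tag", name, target}
}

// validateTagName rejects names git itself would refuse as refs, plus any
// leading "-". It is a subset of the git check-ref-format rules, not all of them.
func validateTagName(name string) error {
	if name == "" || strings.HasPrefix(name, "-") || strings.HasPrefix(name, ".") ||
		strings.HasSuffix(name, ".lock") || strings.HasSuffix(name, "/") ||
		strings.Contains(name, "..") || strings.Contains(name, "@{") {
		return errBadTag
	}
	for _, r := range name {
		if r <= 0x20 || r == 0x7f || strings.ContainsRune("~^:?*[\\", r) {
			return errBadTag
		}
	}
	return nil
}

// safeTagArgs validates first, then places "--" before the positional
// arguments so nothing after it can be interpreted as an option.
func safeTagArgs(name, target string) ([]string, error) {
	if err := validateTagName(name); err != nil {
		return nil, fmt.Errorf("%w: %q", err, name)
	}
	return []string{"tag", "--", name, target}, nil
}

func main() {
	// Constructed sample inputs; no git process is started here.
	for _, n := range []string{"v1.0.0", "release/2024.1", "--constructed-option"} {
		args, err := safeTagArgs(n, "main")
		fmt.Printf("%-22q unsafe=%q safe=%q err=%v\n", n, unsafeTagArgs(n, "main"), args, err)
	}
}
```

The returned slice is meant to be passed to `exec.Command("git", args...)`; validation and the `--` delimiter are independent layers, so either one still holds if the other is later weakened.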