Responsible Disclosure

CISA Puts Actively Exploited Gogs RCE on KEV, Orders Federal Fix by Feb. 2

The flaw is a symlink-based path traversal in Gogs’ PutContents API that attackers have abused for months.