oss-sec mailing list archives
Re: CVE-2025-8110 in Gogs self-hosted git service
From: Martin Weinelt <martin () linuxlounge net>
Date: Thu, 11 Dec 2025 17:07:50 +0100
On 12/11/25 16:33, Jakub Wilk wrote:
* Alan Coopersmith <alan.coopersmith () oracle com>, 2025-12-10 15:18:https://github.com/gogs/gogs offers a MIT-licensed self-hosted git service.Gogs has a couple of notable forks: Gitea, Forgejo. Does anyone know if they are affected?
Per gusted, a Forgejo developer, the relevant code was rewritten way back in https://github.com/go-gitea/gitea/pull/6314.
People have since tried to attack it, but have not been successful. That means Forgejo and Gitea are most likely unaffected. --- Martin Weinelt
Current thread:
- CVE-2025-8110 in Gogs self-hosted git service Alan Coopersmith (Dec 10)
- Re: CVE-2025-8110 in Gogs self-hosted git service Jakub Wilk (Dec 11)
- Re: CVE-2025-8110 in Gogs self-hosted git service Martin Weinelt (Dec 11)
- Re: CVE-2025-8110 in Gogs self-hosted git service Jakub Wilk (Dec 11)