Researcher reported the vuln in March. Maintainers havent responded to his messages since There a huge hole and no one is patching it thus far. A critical, remote code execution RCE bug in Gogs, a popular open source self hosted Git service, can be exploited by any authenticated user no special privileges required on a default installation to fully compromise vulnerable servers, steal credentials and multi factor authentication secrets, or even modify code in hosted repositories in a wide...
