Unpatched Flaw in Open-Source Gogs Service Facilitates Remote Code Execution. An attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self-hosting, warned researchers. At least 700 internet-exposed servers running Gogs shows signs of being infected with command-and-control malware; no patch is yet available.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/zero-day-700-instances-self-hosted-git-service-exploited-a-30254
