[Vulnerability Advisory] Gogs Path Traversal Remote Code Execution Vulnerability (CVE-2026-52813)
Published: 2026-06-25

1. Vulnerability Overview

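Gogs is an open-source, self-hosted Git service platform written in Go. It can be used to build code hosting systems for enterprises or individuals and supports Git repository management, organization and team management, access control, issue tracking, code review, webhooks and an API. It is simple to deploy, has a relatively low resource footprint and runs across platforms.
On June 25, 2026, the mansion88 Mingsheng Security Emergency Response Center (VSRC) detected a path traversal remote code execution vulnerability in Gogs. The vulnerability exists in internal/database/org.go and related code. Because the system does not strictly validate path traversal sequences in organization names, repositories can be created outside the intended directory. An attacker can craft a malicious organization name, write a nested Git repository into the local working directory of another repository, tamper with Git hook scripts such as hooks/update and trigger their execution, thereby executing arbitrary commands as the Gogs service process.
2. Affected Scope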
Gogs < 0.14.3
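In configurations that by default allow users to self-register and create organizations, an external user without administrator authorization may register an ordinary account and exploit the vulnerability through organization creation and repository operations.
3. Security Measures
3.1 Upgrade
The vendor has released a patch that fixes this vulnerability: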
Gogs >= 0.14.3
Download link:
https://github.com/gogs/gogs/releases
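3.2 Temporary Measures
If an upgrade is not possible for the time being, the following measures are recommended to reduce the risk of exploitation:
Disable user self-registration and allow only administrators to create trusted accounts;
Restrict the permissions of ordinary users to create organizations and repositories and to call the related APIs;
At the reverse proxy, WAF or API gateway layer, block the following in organization names and related parameters: , , URL-encoded path separators and double-encoded content;
Apply strict allowlist validation to organization names, user names and repository names, permitting only safe characters such as letters, digits, hyphens and underscores;
Do not build file system paths by directly concatenating user input, and normalize paths before any path operation;
Verify that the normalized target path lies inside the configured repository storage root directory;
Run Gogs under a dedicated low-privilege account and restrict its write access to system directories, configuration directories and other business directories;
Apply additional access control to the Git hooks directory so that ordinary repository operations cannot modify server-side hook files such as hooks/update;
Restrict file system permissions of the Gogs container, enable a read-only root file system and mount only the necessary data directories;
Check data/tmp/local-r, the repository storage directory and other writable directories for abnormally nested .git directories or hook scripts;
Audit recent logs of organization creation, repository creation, API calls, Git pushes and command execution by the service process;
If abnormal hook files, suspicious organization names or traces of command execution are found, isolate the server immediately and rotate database passwords, API tokens, SSH keys and other credentials.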
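
The name allowlist and the root-containment check from the temporary measures above, as an added Go example (not Gogs's own code and not its official patch). The regular expression, the function names and the sample root path are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed allowlist: letters, digits, hyphen and underscore only.
var nameRe = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

var (
	ErrBadName = errors.New("name has characters outside the allowlist")
	ErrEscape  = errors.New("path resolves outside the repository root")
)

// Contain joins rel onto root, normalises it and rejects results outside root.
// filepath.Rel is used rather than a string-prefix test so that a sibling such
// as "<root>-evil" is not mistaken for a child. Symlinks are not resolved here.
func Contain(root, rel string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absRoot, rel) // Join cleans "." and ".." elements
	r, err := filepath.Rel(absRoot, target)
	if err != nil || r == ".." || strings.HasPrefix(r, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrEscape, rel)
	}
	return target, nil
}

// SafeRepoPath applies the allowlist to both names, then the containment check.
func SafeRepoPath(root, org, repo string) (string, error) {
	for _, n := range []string{org, repo} {
		if !nameRe.MatchString(n) {
			return "", fmt.Errorf("%w: %q", ErrBadName, n)
		}
	}
	return Contain(root, filepath.Join(org, repo+".git"))
}

func main() {
	for _, org := range []string{"acme", "../other", "a%2fb"} { // constructed inputs
		fmt.Println(SafeRepoPath("/srv/gogs-repositories", org, "web"))
	}
}
```

The two checks are deliberately independent: the allowlist rejects a bad name before any path is built, and the containment check still holds if a name reaches the path code by some other route.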
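3.3 General Recommendations
Apply system patches regularly to reduce system vulnerabilities and improve server security.
Strengthen access control for systems and networks, adjust firewall policies, close unnecessary application ports or services, reduce exposure of risky services (such as SSH and RDP) to the public Internet, and reduce the attack surface.
Use enterprise-grade security products to improve the organization's network security capabilities.
Strengthen system user and permission management, enable multi-factor authentication and apply the principle of least privilege; user and software permissions should be kept to the minimum.
Enable a strong password policy and require periodic password changes.
3.4 Reference Links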
https://github.com/gogs/gogs/security/advisories/GHSA-c39w-43gm-34h5/
https://nvd.nist.gov/vuln/detail/CVE-2026-52813

