[Vulnerability Advisory] Gogs Path Traversal Remote Code Execution Vulnerability (CVE-2026-52813)

Published: 2026-06-25

1. Vulnerability Overview




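Gogs is an open-source, self-hosted Git service platform written in Go. It can be used to build enterprise or personal code hosting systems and supports Git repository management, organization and team management, access control, issue tracking, code review, webhooks and an API. It is simple to deploy, has low resource usage and runs cross-platform.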


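On June 25, 2026, the mansion88明升 Security Emergency Response Center (VSRC) detected a path traversal remote code execution vulnerability in Gogs. The vulnerability exists in internal/database/org.go and related code. Because the system does not strictly validate path traversal sequences in organization names, repositories can be created outside the intended directory. An attacker can craft a malicious organization name to write a nested Git repository into the local working directory of another repository, tamper with Git hook scripts such as hooks/update and trigger their execution, thereby executing arbitrary commands with the identity of the Gogs service process.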



2. Affected Scope



Gogs < 0.14.3

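Under the default configuration, which allows users to self-register and create organizations, external users without administrator authorization may register an ordinary account and exploit the vulnerability through organization creation and repository operations.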



3. Security Measures



3.1 Upgrade


The vendor has released a patch that fixes this vulnerability:

Gogs >= 0.14.3

Download link:

https://github.com/gogs/gogs/releases


3.2 Temporary Mitigations


If you cannot upgrade for the time being, the following measures are recommended to reduce the risk of exploitation:

Disable user self-registration and allow only administrators to create trusted accounts;

Restrict ordinary users' permissions to create organizations and repositories and to call the related APIs;

At the reverse proxy, WAF or API gateway layer, block the following in organization names and related parameters: , , URL-encoded path separators and double-encoded content;

Enforce strict allowlist validation on organization names, usernames and repository names, permitting only safe characters such as letters, digits, hyphens and underscores;

Do not build file system paths directly from user input, and canonicalize paths before any path operation;

Verify that the canonicalized target path lies within the configured repository storage root directory;

Run Gogs under a dedicated low-privilege account and restrict its write access to system directories, configuration directories and other business directories;

Apply additional access control to Git hooks directories and prevent ordinary repository operations from modifying server-side hook files such as hooks/update;

Restrict the file system permissions of the Gogs container, enable a read-only root file system and mount only the necessary data directories;

Check data/tmp/local-r, the repository storage directory and other writable directories for abnormally nested .git directories or hook scripts;

Audit recent logs of organization creation, repository creation, API calls, Git pushes and command execution by the service process;

If abnormal hook files, suspicious organization names or traces of command execution are found, isolate the server immediately and rotate database passwords, API tokens, SSH keys and other credentials.
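The allowlist, canonicalization and storage-root checks from the list above can be combined into one guard. The following Go sketch is an added example, not code from Gogs or from the fix; the names `RepoPath`, `within` and `safeName`, the 64-character limit and the `/data/repos` root are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// safeName is an assumed allowlist: letters, digits, hyphens, underscores.
var safeName = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

var ErrUnsafeName = errors.New("name contains characters outside the allowlist")
var ErrEscapesRoot = errors.New("resolved path is outside the repository root")

// RepoPath (hypothetical helper) returns root/owner/repo.git after validating
// both names and confirming the canonical result is still under root.
func RepoPath(root, owner, repo string) (string, error) {
	if !safeName.MatchString(owner) || !safeName.MatchString(repo) {
		return "", ErrUnsafeName
	}
	return within(root, filepath.Join(root, owner, repo+".git"))
}

// within canonicalizes target and rejects it unless it lies inside root.
// Symlinks are not resolved here; that would need filepath.EvalSymlinks.
func within(root, target string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	absTarget, err := filepath.Abs(target) // Abs also applies filepath.Clean
	if err != nil {
		return "", err
	}
	// Rel avoids the prefix trap where /data/repos-evil "starts with" /data/repos.
	rel, err := filepath.Rel(absRoot, absTarget)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesRoot
	}
	return absTarget, nil
}

func main() {
	// Constructed sample inputs: one valid owner, two that must be rejected.
	for _, owner := range []string{"acme", "../tmp", "a/b"} {
		p, err := RepoPath("/data/repos", owner, "site")
		fmt.Printf("%q -> %q, %v\n", owner, p, err)
	}
}
```

The containment check is kept separate from the name allowlist so that it still holds if a path reaches the file system layer by a route that skipped name validation.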


3.3 General Recommendations


Apply system patches regularly to reduce system vulnerabilities and improve server security.

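Strengthen access control for systems and networks, adjust firewall policies, close unnecessary application ports or services, and reduce the exposure of risky services (such as SSH and RDP) to the public internet in order to shrink the attack surface.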

Use enterprise-grade security products to improve the organization's network security capabilities.

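Strengthen system user and permission management, enable multi-factor authentication and apply the principle of least privilege; user and software permissions should be kept to the minimum.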

Enable a strong password policy and require passwords to be changed periodically.


3.4 References


https://github.com/gogs/gogs/security/advisories/GHSA-c39w-43gm-34h5/

https://nvd.nist.gov/vuln/detail/CVE-2026-52813