The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names.

The post Gogs Zero-Day Exposes Servers to Remote Code Execution appeared first on SecurityWeek.