Tag
Gogs, a self-hosted Git service, is vulnerable to a Critical (CVSS 9.9) Remote Code Execution (RCE) via `git rebase --exec` argument injection (GHSA-qf6p-p7ww-cwr9) during pull request merge operations, allowing an authenticated attacker to execute arbitrary commands as the Gogs server process user and achieve full server compromise.