{
  "repository": "https://github.com/gogs/gogs",
  "commit_source": "git_rev_parse",
  "commit_sha": "5dcb6c64bdf61e38dbdbb941c1d69789c560d0fb",
  "submitted_target": {
    "target_kind": "git_tag",
    "commit_sha": "5dcb6c64bdf61e38dbdbb941c1d69789c560d0fb",
    "version": "0.14.2",
    "ref": "v0.14.2",
    "display": "gogs v0.14.2 (5dcb6c64) — vulnerable target of CVE-2026-52813"
  },
  "variant_target": {
    "target_kind": "git_tag",
    "commit_sha": "5dcb6c64bdf61e38dbdbb941c1d69789c560d0fb",
    "version": "0.14.2",
    "ref": "v0.14.2",
    "display": "gogs v0.14.2 (5dcb6c64) — non-admin CreateMyOrg entry point confirmed to reproduce (RCE as is_admin=0 user)"
  },
  "fixed_target_tested": {
    "target_kind": "git_tag",
    "commit_sha": "3ba8aca90e17e5410b7e8b227c9f29256ac3e875",
    "version": "0.14.3",
    "ref": "v0.14.3",
    "display": "gogs v0.14.3 (3ba8aca9) — fixed; variant blocked (org create 422, no RCE)"
  },
  "build_identity": {
    "vuln_binary_version": "Gogs version 0.14.2",
    "fixed_binary_version": "Gogs version 0.14.3",
    "build_flags": "go build -tags 'sqlite cert' -o <bin> .",
    "go_version": "go1.25",
    "repo_dir": "/data/pruva/project-cache/434d5a1b-91bf-4625-a029-d1d766c01877/repo",
    "repo_head_after_run": "3ba8aca90e17e5410b7e8b227c9f29256ac3e875 (restored to fixed ref)"
  },
  "notes": "The variant reproduced on the vulnerable v0.14.2 (variant_target): a non-admin user (is_admin=0) achieved RCE via POST /api/v1/user/orgs. The same variant was then tested against the fixed v0.14.3 (fixed_target_tested) and was blocked: the request returned HTTP 422 and no RCE occurred. Both binaries were built from source at the exact tagged commits listed above (resolved with git rev-parse of v0.14.2 and v0.14.3). At the end of the run the cache repo was restored to the fixed ref (v0.14.3)."
}
