Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
References
Link | Resource |
---|---|
https://github.com/go-gitea/gitea/pull/13525 | Patch Third Party Advisory |
https://github.com/go-gitea/gitea/releases/tag/v1.12.6 | Release Notes Third Party Advisory |
https://github.com/go-gitea/gitea/pull/13525 | Patch Third Party Advisory |
https://github.com/go-gitea/gitea/releases/tag/v1.12.6 | Release Notes Third Party Advisory |
Configurations
History
21 Nov 2024, 05:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/go-gitea/gitea/pull/13525 - Patch, Third Party Advisory | |
References | () https://github.com/go-gitea/gitea/releases/tag/v1.12.6 - Release Notes, Third Party Advisory |
Information
Published : 2020-11-24 01:15
Updated : 2024-11-21 05:23
NVD link : CVE-2020-28991
Mitre link : CVE-2020-28991
CVE.ORG link : CVE-2020-28991
JSON object : View
Products Affected
gitea
- gitea
CWE