Lucene search
+L

CVE-2019-11229

🗓️ 13 Apr 2019 15:07:50Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 360 Views🌐 WEB

Gitea mishandles mirror repo URL settings, leading to remote code execution.

Related
Detection
Refs
Paths
Social
NVD
Node
OR
giteagiteaRange<1.7.6
giteagiteaMatch1.8.0rc1
giteagiteaMatch1.8.0rc2
ParameterPositionPathDescriptionCWE
clone_addrrequest bodyrepo/migrateGitea repository migration with mirror enabled accepts mirror URL/clone address, enabling exploitation when combined with crafted mirror configuration.
mirrorrequest bodyrepo/migrateGitea repository migration with mirror enabled accepts mirror URL/clone address, enabling exploitation when combined with crafted mirror configuration.
repo_namerequest bodyrepo/migrateGitea repository migration with mirror enabled accepts mirror URL/clone address, enabling exploitation when combined with crafted mirror configuration.
uidrequest bodyrepo/migrateGitea repository migration with mirror enabled accepts mirror URL/clone address, enabling exploitation when combined with crafted mirror configuration.
_csrfrequest bodyrepo/migrateGitea repository migration with mirror enabled accepts mirror URL/clone address, enabling exploitation when combined with crafted mirror configuration.
mirror_addressrequest body{username}/{repository}/settingsSettings endpoint accepts mirror_address injection to embed malicious SSH commands leading to remote code execution when enabling mirror features.
actionrequest body{username}/{repository}/settingsSettings endpoint accepts mirror_address injection to embed malicious SSH commands leading to remote code execution when enabling mirror features.
enable_prunerequest body{username}/{repository}/settingsSettings endpoint accepts mirror_address injection to embed malicious SSH commands leading to remote code execution when enabling mirror features.
intervalrequest body{username}/{repository}/settingsSettings endpoint accepts mirror_address injection to embed malicious SSH commands leading to remote code execution when enabling mirror features.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:12Current
8.9High risk
Vulners AI Score8.9
CVSS 26.5
CVSS 3.18.8
EPSS0.55578
360