4 matches found
CVE-2020-28991
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines with URL encoding in ParseRemoteAddr in modules/auth/repoform.go...
Gitea 0.9.99 < 1.12.6 RCE Vulnerability
Gitea is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...
CVE-2020-28991
creationtimestamp | type | source
---|---|---
2020-11-24 07:46:20+00:00 | seen | https://t.me/cibsecurity/16762...
CVE-2020-28991
Gitea 0.9.99 through 1.12.x before 1.12.6 is vulnerable due to ParseRemoteAddr handling of a git protocol path containing a TCP port and encoded newlines, enabling partial SSRF. The issue affects the gitea repository server implementation and can be triggered by crafted Git URLs. Upstream fix: up...