44 matches found
K000160934: Multiple Go vulnerabilities
Security Advisory Description CVE-2023-45285 Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This onl...
EUVD-2022-1593
Malicious code in bioql PyPI...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
BIT-GITEA-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
Gitea Git Fetch Remote Code Execution
This module exploits Git fetch command in Gitea repository migration process that leads to a remote command execution on the system. This vulnerability affect Gitea before 1.16.7 version. Module Options msf use exploit/multi/http/giteagitfetchrce msf exploitgiteagitfetchrce show targets...
Gitea Git Fetch Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration process that lead...
Gitea 1.16.6 Remote Code Execution
Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...
Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...
GHSA-P5F9-C9J9-G8QX Shell command injection in gitea
Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...
Shell command injection in gitea
Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
Design/Logic Flaw
Gitea before 1.16.7 does not escape git fetch remote...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
CVE-2022-30781
CVE-2022-30781 affects Gitea prior to 1.16.7. The issue arises from improper escaping in the git fetch remote during repository migration, enabling remote command execution. Public details confirm a Git fetch remote code path as the root cause and that versions before 1.16.7 are vulnerable; mitig...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
GHSA-5875-M6JQ-VF78 Command injection in workspace-tools
The package workspace-tools before 0.18.4 is vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...
CVE-2022-25865
The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...
CVE-2022-25865
The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...
FreeBSD : gitea -- Escape git fetch remote (95ee401d-cc6a-11ec-9cfc-10c37b4ac2ea)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 95ee401d-cc6a-11ec-9cfc-10c37b4ac2ea advisory. - The Gitea team reports: Escape git fetch remote in services/migrations/giteauploader.go...