GHSA-r7h7-chh4-5rvm

Source

https://github.com/advisories/GHSA-r7h7-chh4-5rvm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-r7h7-chh4-5rvm/GHSA-r7h7-chh4-5rvm.json

Aliases

• BIT-gitea-2020-28991
• CVE-2020-28991

Published

2024-04-24T20:56:53Z

Modified

2024-04-24T21:11:22.865980Z

Details

Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-28991
• https://github.com/go-gitea/gitea/pull/13525
• https://github.com/go-gitea/gitea
• https://github.com/go-gitea/gitea/releases/tag/v1.12.6