CVE-2020-28991 - log

CVE-2020-28991 edited at 27 Nov 2020 17:10:09
Description
- Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
+ Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go, causing partial SSRF.
CVE-2020-28991 edited at 24 Nov 2020 20:35:13
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
References
+ https://github.com/go-gitea/gitea/releases/tag/v1.12.6
+ https://github.com/go-gitea/gitea/commit/480efbdb96e4092493ec1e3683b2ab688ac95096
Notes
CVE-2020-28991 created at 24 Nov 2020 20:27:43