gitea

Link: package | bugs open | bugs closed | Wiki | GitHub | web search
Description: Painless self-hosted Git service, community managed.
Version: 1.22.6-1 [extra]

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-1689 | 1.13.2-1 | 1.13.4-1 | High | Fixed |
AVG-1538 | 1.13.1-1 | 1.13.2-1 | Medium | Not affected |
AVG-1299 | 1.12.5-1 | 1.12.6-1 | Medium | Fixed |

Issue | Group | Severity | Remote | Type | Description
CVE-2021-28378 | AVG-1689 | High | Yes | Cross-site scripting | Gitea 1.12.x and 1.13.x before 1.13.4 allows cross-site scripting (XSS) via certain issue data in some situations.
CVE-2021-3382 | AVG-1538 | Medium | Yes | Denial of service | A stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
CVE-2020-28991 | AVG-1299 | Medium | Yes | Insufficient validation | Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL...

Advisories

Date | Advisory | Group | Severity | Type
26 Nov 2020 | ASA-202011-26 | AVG-1299 | Medium | insufficient validation