gitea
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Painless self-hosted Git service, community managed. |
| Version | 1.22.3-2 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1689 | 1.13.2-1 | 1.13.4-1 | High | Fixed | |
| AVG-1538 | 1.13.1-1 | 1.13.2-1 | Medium | Not affected | |
| AVG-1299 | 1.12.5-1 | 1.12.6-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-28378 | AVG-1689 | High | Yes | Cross-site scripting | Gitea 1.12.x and 1.13.x before 1.13.4 allows cross-site scripting (XSS) via certain issue data in some situations. |
| CVE-2021-3382 | AVG-1538 | Medium | Yes | Denial of service | A stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. |
| CVE-2020-28991 | AVG-1299 | Medium | Yes | Insufficient validation | Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 26 Nov 2020 | ASA-202011-26 | AVG-1299 | Medium | insufficient validation |