Description
Gitea XSS Vulnerability in Repository Description
Gitea 1.7.2 and 1.7.3 are affected by cross-site scripting (XSS). Impact: JavaScript executes in the victim's browser when the vulnerable repository page is loaded. Affected component: the repository description. Attack vector: the victim must navigate to a public, affected repository page.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010314
- https://github.com/go-gitea/gitea/issues/8717
- https://github.com/go-gitea/gitea/pull/6306
- https://github.com/go-gitea/gitea/pull/6308
- https://github.com/go-gitea/gitea/commit/c7bbfd8f5eb097c6910e142415fcdf48fc3c9814
- https://github.com/go-gitea/gitea/releases/tag/v1.7.4
Packages
- Package: code.gitea.io/gitea
- Affected versions: >= 1.7.2, < 1.7.4
- Fixed version: 1.7.4