Описание
Improper Access Control in Gitea
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
Пакеты
Наименование
github.com/go-gitea/gitea
go
Затронутые версииВерсия исправления
>= 0.9.99, < 1.12.6
1.12.6
Связанные уязвимости
CVSS3: 9.8
nvd
около 5 лет назад
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
CVSS3: 9.8
debian
около 5 лет назад
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git proto ...