Description
Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
A flaw was found in Gitea. The self-hosted Git service does not sanitize and escape refs in the git backend. This issue could allow an attacker to craft arguments for the git commands, which will be mishandled.
Report
The 'gitea' package is a transitive dependency in the Red Hat products and is not used directly in a codebase, which reduces the chances of successful exploitation. Hence, the impact is set as Moderate.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/lokistack-gateway-rhel9 | Not affected | ||
| OpenShift Serverless | openshift-serverless-1/client-kn-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-search-v2-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-main-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-scanner-rhel8 | Not affected | ||
| Red Hat OpenShift GitOps | openshift-gitops-1/kam-delivery-rhel8 | Not affected | ||
| Red Hat OpenShift GitOps | openshift-gitops-kam | Not affected | ||
| Red Hat Quay 3 | quay/quay-builder-rhel8 | Not affected | ||
Additional information
Status:
9.8 Critical
CVSS3
Related vulnerabilities
Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
Gitea before 1.17.3 does not sanitize and escape refs in the git backe ...
9.8 Critical
CVSS3