ALT Linux Team

Package gitea update in sisyphus on 2019-02-01

ALT-PU-2019-1168-1

Package gitea updated to version 1.7.1-alt1 for branch sisyphus in task 220390.

Closed vulnerabilities

Published: 2019-07-18
Modified: 2024-11-21

CVE-2019-1010261

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top