ALT Linux Team

Package gitea update in sisyphus on 2022-10-19

ALT-PU-2022-2880-2

Package gitea updated to version 1.17.3-alt1 for branch sisyphus in task 308688.

Closed vulnerabilities

Published: 2022-10-16
Modified: 2025-05-14

CVE-2022-42968

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-10-16
Modified: 2022-10-21

GHSA-w8xw-7crf-h23x

Gitea vulnerable to Argument Injection

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top