ALT-PU-2021-1612-2

CVE-2021-28378

MEDIUM5.4

Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.

Published: 2021-03-15Modified: 2024-11-21

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

CVE-2021-29134

MEDIUM5.3

The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.

Published: 2022-03-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

CVE-2021-3382

HIGH7.5

Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.

Published: 2021-02-05Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

GHSA-9f8c-pfvv-p4gm

HIGH7.0

Buffer Overflow in gitea

Published: 2024-04-24

CVSS 3.xHIGH 7.0

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

References

GHSA-g95p-88p4-76cm

MEDIUM5.4

Cross-site Scripting in Gitea

Published: 2021-09-27Modified: 2021-09-27

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

GHSA-h3q4-vmw4-cpr5

MEDIUM5.3

Path Traversal in Gitea

Published: 2022-03-16Modified: 2022-03-29

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Package update gitea in branch sisyphus

Closed issues (6)

Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.

The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.

Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.

Buffer Overflow in gitea

Cross-site Scripting in Gitea

Path Traversal in Gitea