Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13OHh3LTdjcmYtaDIzeM4AAvXZ
Gitea vulnerable to Argument Injection
Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
Permalink: https://github.com/advisories/GHSA-w8xw-7crf-h23xJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OHh3LTdjcmYtaDIzeM4AAvXZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 12 months ago
Updated: 8 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-w8xw-7crf-h23x, CVE-2022-42968
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-42968
- https://github.com/go-gitea/gitea/pull/21463
- https://github.com/go-gitea/gitea/releases/tag/v1.17.3
- https://security.gentoo.org/glsa/202210-14
- https://github.com/advisories/GHSA-w8xw-7crf-h23x
Affected Packages
go:github.com/go-gitea/gitea
Versions: < 1.17.3Fixed in: 1.17.3