Gitea 0.9.99 up to and including 1.12.x prior to 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitea gitea |