Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-24T00:29:39

Updated: 2024-08-04T16:48:01.235Z

Reserved: 2020-11-24T00:00:00

Link: CVE-2020-28991

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-11-24T01:15:11.833

Modified: 2024-11-21T05:23:26.810

Link: CVE-2020-28991

cve-icon Redhat

No data.