Lucene search

K

Veracode Vulnerability DatabaseVERACODE:35583

HistoryMay 18, 2022 - 10:53 a.m.

Remote Code Execution (RCE)

2022-05-1810:53:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

1168

remote code execution

github.com/go-gitea/gitea

vulnerability

EPSS

0.812

Percentile

98.4%

github.com/go-gitea/gitea is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the newPullRequest function in the gitea_uploader.go file allowing an attacker to inject maliciously crafted script into the system.

References

packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html

packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html

blog.gitea.io/2022/05/gitea-1.16.7-is-released/

github.com/advisories/GHSA-p5f9-c9j9-g8qx

github.com/go-gitea/gitea/commit/242f7f1a528af0b85ad0dd6fa88ed2d889b92385

github.com/go-gitea/gitea/pull/19487

github.com/go-gitea/gitea/pull/19490

EPSS

0.812

Percentile

98.4%

Related for VERACODE:35583

prion1 cvelist1 cve1 openvas1 exploitdb1 nvd1 zdt2 osv4 gitlab1 github1 metasploit1 githubexploit1 alpinelinux1 packetstorm2 rapid7blog1