Critical severityNVD Advisory· Published Nov 24, 2020· Updated Aug 4, 2024
CVE-2020-28991
CVE-2020-28991
Description
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/go-gitea/giteaGo | >= 0.9.99, < 1.12.6 | 1.12.6 |
Affected products
3- Gitea/Giteadescription
- osv-coords2 versions
>= 0.9.99, < 1.12.6+ 1 more
- (no CPE)range: >= 0.9.99, < 1.12.6
- (no CPE)range: >= 0.9.99, < 1.12.6
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-r7h7-chh4-5rvmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-28991ghsaADVISORY
- github.com/go-gitea/gitea/pull/13525ghsax_refsource_MISCWEB
- github.com/go-gitea/gitea/releases/tag/v1.12.6ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.