Moderate severityNVD Advisory· Published Mar 15, 2021· Updated Aug 3, 2024
CVE-2021-28378
CVE-2021-28378
Description
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
code.gitea.io/giteaGo | < 1.13.4 | 1.13.4 |
Affected products
3- Gitea/Giteadescription
- osv-coords2 versions
>= 1.12.0, < 1.12.7+ 1 more
- (no CPE)range: >= 1.12.0, < 1.12.7
- (no CPE)range: < 1.13.4
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-g95p-88p4-76cmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-28378ghsaADVISORY
- blog.gitea.io/2021/03/gitea-1.13.4-is-releasedghsaWEB
- blog.gitea.io/2021/03/gitea-1.13.4-is-released/mitrex_refsource_MISC
- github.com/go-gitea/gitea/pull/14898ghsax_refsource_MISCWEB
- github.com/go-gitea/gitea/pull/14899ghsaWEB
News mentions
0No linked articles in our index yet.