Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-11229 — Code Injection in Go-gitea Gitea

Severity

8.8HIGHNVD

EPSS

26.5%

top 3.66%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedApr 15

Latest updateAug 21

Description

models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

▶NVDgitea/gitea< 1.7.6+1

OSV

Gitea Remote Code Execution in github.com/go-gitea/gitea↗2024-08-21

▶

OSV

Gitea Remote Code Execution↗2022-02-15

▶

GHSA

Gitea Remote Code Execution↗2022-02-15

▶

Exploit-DB

Gitea 1.7.5 - Remote Code Execution↗2021-01-06

▶