CVE-2022-42968Argument Injection in Gitea

CWE-88Argument Injection5 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 31.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Code.gitea.io GiteaGithub.com Go-gitea GiteaGitea
Timeline
PublishedOct 16
Latest updateAug 21

Description

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDgitea/gitea< 1.17.3
Gocode.gitea.io/gitea< 1.17.3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
Gitea vulnerable to Argument Injection in code.gitea.io/gitea2024-08-21
OSV
Gitea vulnerable to Argument Injection2022-10-16
GHSA
Gitea vulnerable to Argument Injection2022-10-16

📋Vendor Advisories

1
Red Hat
gitea: Sanitize and Escape refs in git backend2022-10-16