#security

[security] Gitea < 1.17.2 bypassing URL restrictions during migration explained

24 October , 2022 · 2 min read

Prior to Gitea 1.17.2 a malicious Gitea server could be used to request local files using the migration web interface or the REST API.

#gna #gitea #security #problem #upgrade #solution
[security] Gitea < 1.17.3 git option injection explained

17 October , 2022 · 2 min read

Prior to Gitea 1.17.3 the web interface that displays the commit graph could be used to inject git options used by the Gitea server.

#gna #gitea #security #problem #upgrade #solution