-
[security] Gitea < 1.17.2 bypassing URL restrictions during migration explained
Prior to Gitea 1.17.2, a malicious Gitea server could be used to request local files using the migration web interface or the REST API.
-
[security] Gitea < 1.17.3 git option injection explained
Prior to Gitea 1.17.3, the web interface that displays the commit graph could be used to inject git options used by the Gitea server.