CVE-2019-1010314: Gitea XSS Vulnerability in Repository Description
Gitea 1.7.2 and 1.7.3 are affected by cross-site scripting (XSS) in the repository's description. Impact: JavaScript executes in the victim's browser when the vulnerable repository page is loaded. Attack vector: the victim must navigate to a public, affected repository page.
References
- github.com/advisories/GHSA-hqx2-j33x-9fc4
- github.com/go-gitea/gitea
- github.com/go-gitea/gitea/commit/c7bbfd8f5eb097c6910e142415fcdf48fc3c9814
- github.com/go-gitea/gitea/issues/8717
- github.com/go-gitea/gitea/pull/6306
- github.com/go-gitea/gitea/pull/6308
- github.com/go-gitea/gitea/releases/tag/v1.7.4
- nvd.nist.gov/vuln/detail/CVE-2019-1010314