CVE-2022-42968: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

October 16, 2022 (updated December 3, 2022)

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.

References

github.com/go-gitea/gitea/pull/21463
github.com/go-gitea/gitea/releases/tag/v1.17.3
nvd.nist.gov/vuln/detail/CVE-2022-42968

Detect and mitigate CVE-2022-42968 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →