CVE-2022-42968: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
(updated )
Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
References
Detect and mitigate CVE-2022-42968 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →