Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-GOLANG-GITHUBCOMGOGITEAGITEA-559123
- published 3 Mar 2020
- disclosed 2 Aug 2018
- credit Siesh1oo
How to fix?
github.com/go-gitea/gitea to version 1.11.2 or higher.
github.com/go-gitea/gitea is a self-hosted git service.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). API endpoints receive normal GET requests and are not protected by auth.