Remote Code Execution Affecting github.com/go-gitea/gitea/models Open this link in a new tab package, versions <1.7.6 >=1.8.0-rc1 <1.8.0-rc3
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
18 Apr 2019
13 Apr 2019
How to fix?
github.com/go-gitea/gitea/models to version 1.7.6, 1.8.0-rc3 or higher.
github.com/go-gitea/gitea/models is a self-hosted git service.
Affected versions of this package are vulnerable to Remote Code Execution due to mishandling of mirror repo URL settings, leading to remote code execution. This vulnerability is related to the
remoteAddress function within the
models/repo_mirror.go area not validating a repo URL.