x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-4rqq-rxvc-v2rc

[GoVulnBot]

In GitHub Security Advisory GHSA-4rqq-rxvc-v2rc, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
code.gitea.io/gitea	1.16.5	< 1.16.5

Cross references:

• Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-jr9c-h74f-2v28 #609 EFFECTIVELY_PRIVATE
• Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-ph3w-2843-72mx #612 EFFECTIVELY_PRIVATE
• Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-g95p-88p4-76cm #832 NOT_IMPORTABLE
• Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-hf6f-jq25-8gq9 #844 NOT_IMPORTABLE
• Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: CVE-2021-45330, GHSA-pg38-r834-g45j #982 EFFECTIVELY_PRIVATE
• Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-cf6v-9j57-v6r6 #1894 EFFECTIVELY_PRIVATE
• Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-5rh7-6gfj-mc87 #1922 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: code.gitea.io/gitea
      versions:
        - fixed: 1.16.5
      vulnerable_at: 1.16.4
      packages:
        - package: code.gitea.io/gitea
summary: Gitea Open Redirect in code.gitea.io/gitea
cves:
    - CVE-2022-1058
ghsas:
    - GHSA-4rqq-rxvc-v2rc
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2022-1058
    - fix: https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48
    - web: https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d
    - fix: https://github.com/go-gitea/gitea/pull/19175
    - fix: https://github.com/go-gitea/gitea/pull/19186
    - advisory: https://github.com/advisories/GHSA-4rqq-rxvc-v2rc
source:
    id: GHSA-4rqq-rxvc-v2rc

[gopherbot]

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

[gopherbot]

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports

[gopherbot]

Change https://go.dev/cl/606359 mentions this issue: data/reports: regenerate 50 reports