Skip to content

x/vulndb: potential Go vuln in code.gitea.io/gitea: CVE-2021-45330, GHSA-pg38-r834-g45j #982

Closed
Closed
x/vulndb: potential Go vuln in code.gitea.io/gitea: CVE-2021-45330, GHSA-pg38-r834-g45j#982
Assignees
neild
Labels
excluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.
@tatianab

Description

@tatianab
tatianab
opened on Sep 9, 2022

In GitHub Security Advisory GHSA-pg38-r834-g45j, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
code.gitea.io/gitea 1.6.0 < 1.6.0

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - fixed: 1.6.0
    packages:
      - package: code.gitea.io/gitea
description: An issue exsits in Gitea through 1.15.7, which could let a malicious
    user gain privileges due to client side cookies not being deleted and the session
    remains valid on the server side for reuse.
cves:
  - CVE-2021-45330
ghsas:
  - GHSA-pg38-r834-g45j

Metadata

Metadata

Assignees

Labels

excluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions