x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-hqx2-j33x-9fc4 #2772

GoVulnBot · 2024-04-24T23:01:30Z

In GitHub Security Advisory GHSA-hqx2-j33x-9fc4, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
code.gitea.io/gitea	1.7.4	>= 1.7.2, < 1.7.4

Cross references:

Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-jr9c-h74f-2v28 #609 EFFECTIVELY_PRIVATE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-ph3w-2843-72mx #612 EFFECTIVELY_PRIVATE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-g95p-88p4-76cm #832 NOT_IMPORTABLE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-hf6f-jq25-8gq9 #844 NOT_IMPORTABLE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: CVE-2021-45330, GHSA-pg38-r834-g45j #982 EFFECTIVELY_PRIVATE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-cf6v-9j57-v6r6 #1894 EFFECTIVELY_PRIVATE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-5rh7-6gfj-mc87 #1922 EFFECTIVELY_PRIVATE
CVE-2019-1010314 appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2019-1010314 #2222 LEGACY_FALSE_POSITIVE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: code.gitea.io/gitea
      versions:
        - introduced: 1.7.2
          fixed: 1.7.4
      vulnerable_at: 1.7.3
      packages:
        - package: code.gitea.io/gitea
summary: Gitea XSS Vulnerability in Repository Description in code.gitea.io/gitea
cves:
    - CVE-2019-1010314
ghsas:
    - GHSA-hqx2-j33x-9fc4
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2019-1010314
    - report: https://github.com/go-gitea/gitea/issues/8717
    - fix: https://github.com/go-gitea/gitea/pull/6306
    - fix: https://github.com/go-gitea/gitea/pull/6308
    - fix: https://github.com/go-gitea/gitea/commit/c7bbfd8f5eb097c6910e142415fcdf48fc3c9814
    - web: https://github.com/go-gitea/gitea/releases/tag/v1.7.4
    - advisory: https://github.com/advisories/GHSA-hqx2-j33x-9fc4
source:
    id: GHSA-hqx2-j33x-9fc4

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-30T15:57:58Z

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

tatianab · 2024-04-30T17:37:47Z

Duplicate of #2222

tatianab marked this as a duplicate of #2222 Apr 30, 2024

tatianab closed this as completed Apr 30, 2024

tatianab added the duplicate label Apr 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-hqx2-j33x-9fc4 #2772

x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-hqx2-j33x-9fc4 #2772

GoVulnBot commented Apr 24, 2024

gopherbot commented Apr 30, 2024

tatianab commented Apr 30, 2024

x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-hqx2-j33x-9fc4 #2772

x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-hqx2-j33x-9fc4 #2772

Comments

GoVulnBot commented Apr 24, 2024

gopherbot commented Apr 30, 2024

tatianab commented Apr 30, 2024