
Disallow urlencoded new lines in git protocol paths if there is a port (#13521) #13525

Merged
merged 1 commit into from Nov 11, 2020

Member

@6543 6543 commented Nov 11, 2020

Backport #13521

@lafriks lafriks merged commit 480efbd into go-gitea:release/v1.12 Nov 11, 2020
2 checks passed
@lafriks lafriks deleted the Backport2_13521 branch November 11, 2020 21:48
@stypr

stypr commented Nov 13, 2020

LGTM

@abergmann

CVE-2020-28991 was assigned to this issue.

@stypr

stypr commented Nov 25, 2020

CVE-2020-28991 was assigned to this issue.

The impact is that this vulnerability can cause partial SSRF.
For some reason the impact was snipped off from the vulnerability summary by the CNA.

I'm keeping it as an additional reference here, as the original reporter.

(This comment may change in the future)

@go-gitea go-gitea locked and limited conversation to collaborators Dec 14, 2020