Affected by GO-2022-0310 and 15 other vulnerabilities

GO-2022-0310: Capture-replay in Gitea in code.gitea.io/gitea

GO-2022-0353: Path Traversal in Gitea in code.gitea.io/gitea

GO-2022-0442: Arbitrary file deletion in gitea in code.gitea.io/gitea

GO-2022-0450: Shell command injection in gitea in code.gitea.io/gitea

GO-2022-0609: Gitea Missing Authorization vulnerability in code.gitea.io/gitea

GO-2022-0612: Stored Cross-site Scripting in gitea in code.gitea.io/gitea

GO-2022-0830: Denial of Service in Gitea in code.gitea.io/gitea

GO-2022-0832: Cross-site Scripting in Gitea in code.gitea.io/gitea

GO-2022-1065: Gitea vulnerable to Argument Injection in code.gitea.io/gitea

GO-2023-1894: code.gitea.io/gitea Open Redirect vulnerability

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1999: Gitea erroneous repo clones in code.gitea.io/gitea

GO-2024-2752: Gitea Open Redirect in code.gitea.io/gitea

GO-2024-2757: Buffer Overflow in gitea in code.gitea.io/gitea

GO-2024-2769: Gitea allowed assignment of private issues in code.gitea.io/gitea

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

modules/

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Path	Synopsis
auth
ldap Package ldap provide functions & structure to query a LDAP ldap directory For now, it's mainly tested again an MS Active Directory service, see README.md for more information	Package ldap provide functions & structure to query a LDAP ldap directory For now, it's mainly tested again an MS Active Directory service, see README.md for more information
oauth2
openid
pam
avatar
base
cache
charset
context
cron
generate
git
gzip
highlight
httplib
indexer
issues
lfs
log
markup
csv
external
markdown
mdstripper
orgmode
metrics
migrations
base
minwinsvc Package minwinsvc is a minimal non-invasive windows only service stub.	Package minwinsvc is a minimal non-invasive windows only service stub.
notification
base
indexer
mail
ui
options
password
pprof
private
process
public
recaptcha
references
repofiles
search
secret
session
setting
ssh
structs
sync
task
templates
test
timeutil
upload
user
util
validation