FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
83466f76-aefe-11ec-b4b6-d05099c0c059gitea -- Open Redirect on login

Andrew Thornton reports:

When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes.


Discovery 2022-03-23
Entry 2022-03-29
gitea
< 1.16.5

CVE-2022-1058
https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d/
95ee401d-cc6a-11ec-9cfc-10c37b4ac2eagitea -- Escape git fetch remote

The Gitea team reports:

Escape git fetch remote in services/migrations/gitea_uploader.go


Discovery 2022-04-25
Entry 2022-05-05
gitea
< 1.16.7

https://github.com/go-gitea/gitea/pull/19487
0ff80f41-aefe-11ec-b4b6-d05099c0c059gitea -- Improper/incorrect authorization

Youssef Rebahi-Gilbert reports:

When Gitea is built and configured for PAM authentication it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still login.


Discovery 2022-03-06
Entry 2022-03-29
gitea
< 1.16.4

CVE-2022-0905
https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb