CVE-2022-30781
PUBLISHED
Gitea before 1.16.7 does not escape git fetch remote.
Risk Scores
EPSS Score: 86.41% (99.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitea | 0, 0 |
| Bitnami | gitea | 0 |
Timeline
- May 16, 2022 CVE Published
- May 16, 2022 EPSS Score
- May 25, 2022 CVE Updated
- Sep 15, 2022 PoC Published
- Sep 15, 2022 PoC Published
- Nov 15, 2022 EPSS Score
- Nov 17, 2022 PoC Published
- Nov 17, 2022 PoC Published
- Mar 7, 2023 EPSS Score
- Apr 15, 2023 EPSS Score
- Jun 17, 2023 EPSS Score
- Jul 12, 2023 EPSS Score
References
- http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html
- https://blog.gitea.io/2022/05/gitea-1.16.7-is-released/
- https://github.com/go-gitea/gitea/pull/19487
- https://github.com/go-gitea/gitea/pull/19490
- https://nvd.nist.gov/vuln/detail/CVE-2022-30781