Headline
CVE-2022-27313: Fix lfs bug by lunny · Pull Request #19072 · go-gitea/gitea
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Pick a username
Email Address
Password
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Related news
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above