CVE-2022-42968

CRITICAL

Gitea <1.17.3 - Code Injection

Title source: llm

Description

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.

References (3)

Scores

CVSS v3 9.8
EPSS 0.0053
EPSS Percentile 66.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-88
Status published

Affected Products (2)

gitea/gitea < 1.17.3
go-gitea/gitea < 1.17.3Go

Timeline

Published Oct 16, 2022
Tracked Since Feb 18, 2026