CVE-2021-45327
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Capture-replay in Gitea in code.gitea.io/gitea
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/go-gitea/gitea | <1.11.2 | 1.11.2 |
| Go | code.gitea.io/gitea | <1.11.2 | 1.11.2 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-45327
- https://github.com/go-gitea/gitea/pull/10462
- https://github.com/go-gitea/gitea/pull/10465
- https://github.com/go-gitea/gitea/pull/10582
- https://github.com/go-gitea/gitea/commit/4cb18601ff33dda5edb47d5b452cc8f2dc39dd67
- https://github.com/go-gitea/gitea/commit/6f5656ab0ebec03fe63898208dabc802c4be46ab
- https://github.com/go-gitea/gitea/commit/ed664a9e1dae4d4660e60c981173bbc5102e69ea
- https://blog.gitea.io/2020/03/gitea-1.11.2-is-released
- https://github.com/go-gitea/gitea
- https://github.com/advisories/GHSA-jrpg-35hw-m4p9
Verify integrity in audit chain (admin only). AS-IS.